COVID-19 has transformed the way we work in unprecedented ways, with more people working from home in the longest work from home experiment the world has ever experienced. As organisations re-establish business operations in a phased easing of restrictions, it’s expected that many working from home arrangements will continue.
For organisations to operate successfully in the new normal, maintaining cyber resilience is paramount. Already, in the month of May, we’ve seen a rise in large scale cyber attacks on Australian businesses.
- Logistics provider Toll has suffered its second cyber attack of 2020. The transport company confirmed that employee and commercially sensitive information relating to clients was accessed and data was stolen. The attack caused Toll to shut down its IT systems to mitigate the risk of further damages.
- A cyber attack on BlueScope Steel’s production system resulted in a worldwide system shutdown of operations.
- The department responsible for driver’s licenses and other services at Service NSW was hacked in a cyber attack, placing a range of personal data at risk.
- Money management company MyBudget was hit by a ransomware cyber attack, causing a system outage affecting thousands of customers.
Besides the damages and disruption to an organisation’s operations, successful cyber attacks could:
- result in substantial financial loss.
- damage an organisation’s reputation and erode customer and shareholder trust and confidence.
- have legal consequences – data protection and privacy laws across many countries require organisations to safely manage all personal data. If the data is compromised and appropriate security measures cannot be proven, organisations may face potentially large fines.
Key considerations for maintaining cyber security in a COVID world
Importantly, concentrating on your people’s cyber security skills can lessen the risks from social engineering attacks (including phishing). These threats are often successful when an employee inadvertently clicks on a link or opens an infected file. Recognising these threats is vital to mitigate the risk of a large-scale cyber attack on your organisation.
From a technology standpoint, organisations can implement a range of control measures. These may include firewalls, endpoint detection and response software, virtual private networks (VPN), data encryption and multi-factor authentication (MFA).
Training and education
Another essential pillar in meeting the COVID-19 threat environment is ensuring we can react when things don’t go to plan, for example by simulating realistic cyber scenario exercises relevant to COVID-19 in a business-as-usual (BAU) environment.
Consider deploying a regular and robust employee cyber education program (which may include phishing your own people). Training employees to identify email anomalies, such as unrecognised sender email addresses and unexpected messages, will improve the organisation’s front-line defence.
Despite having emergency response and business continuity plans, many organisations were underprepared for COVID-19. The pandemic (now considered a live exercise) has provided an opportunity for organisations to plan for further threats – including cyber attacks.
These attacks need to be managed in the ‘new normal’ where the executive team are most likely dispersed and working from home. In this environment, executive team members need the capabilities to manage multiple risks. Planning for parallel events and conducting table-top scenario exercises remotely could add a further layer of challenge for the response team and enhance their response capabilities.
RiskLogic is here to work with you through COVID-19 to identify cyber security opportunities for resilience and help you prepare for a successful recovery.