How to manage the impact of COVID-19 on cyber security

24/03/20

The coronavirus (COVID-19) outbreak has caused an increase in both the likelihood and impact of cyber attacks, as organisations react rapidly to potentially significant operational and financial challenges. The nature of the threat is also changing, with attackers exploiting uncertainty and unprecedented situations.

We expect that many initial organisational responses to COVID-19 will have a net-negative impact on the cyber security posture of the business. This will result both from existing risks being left unaddressed as security expenditure is cut and IT changes are frozen, and from new risks emerging.

In our new whitepaper below, we give an in-depth look at how COVID-19 has created new opportunities for cyber threat actors and the steps that organisations should take to mitigate these risks. This blog gives a top-level summary of our recommendations.

Three ways to mitigate cyber security risks emerging from COVID-19

Secure newly implemented remote working practice

COVID-19 has forced organisations to shift rapidly to remote working at scale. This is likely to have a significant impact on both IT infrastructure requirements and the attack surface. 

For example, security controls may not be applied to new systems or tools hastily stood up to support employees with remote working. Similarly, existing procedures and good practices may be side-stepped or become unavailable.

In our whitepaper, we outline a number of steps that organisations should take to ensure they maintain security while employees are working from home. These include:

  • Monitoring for shadow IT and moving users towards approved solutions;

  • Ensuring remote access systems are fully patched and securely configured;

  • Reviewing tactical actions and retrospectively implementing key security controls which may have been overlooked; and,

  • Ensuring remote access systems are sufficiently resilient to withstand DDoS attacks.

Ensure the continuity of critical security functions

Organisations need to plan ahead so they can maintain resilient security functions as the COVID-19 outbreak develops. By closely following medical advice, you can plan for the expected peaks in COVID-19 cases and the higher numbers of employees likely to be absent from cyber security teams.

This will involve reducing the reliance on people, as well as maximising the use of process and technology to perform key cyber security activities. Further steps include:

  • Identifying and monitoring critical security activities;

  • Reviewing how privileged users are going to perform administration; and,

  • Deploying asset management tooling to ensure continued visibility as systems are moved away from the internal network.

Counter opportunistic threats that may be looking to take advantage of the situation

As well as reinforcing their security technology, organisations need to remain alert to opportunistic threats. A big part of this will involve giving employees specific guidance on how to spot suspicious activity, such as targeted phishing campaigns using COVID-19 lures, or highlighting to finance teams the increased risk of business email compromise attacks that attempt to exploit different or new ways of working.

Organisations should also guard against the increased risk of insider threats and apply quick-win technical controls across the IT estate where possible.

The emerging COVID-19 threat landscape

Threat actors are already exploiting the uncertainty and extraordinary response caused by the COVID-19 pandemic. 

The criminal threat actor behind Emotet, which provides malware delivery services to sophisticated criminal actors including TrickBot, Ryuk and Dridex, began using COVID-19 phishing lures in January 2020, while the crisis was still in its early stages. 

Other actors have since followed suit, with hundreds of new COVID-19 themed phishing lures being created each day. We have identified criminal and state-sponsored campaigns exploiting COVID-19 and anticipate they will also use VPN and video conferencing software lures to take advantage of users unfamiliar with remote working.

Contact us

Chris Gaines

Lead Cyber Security Partner, PwC United Kingdom

Tel: +44 (0)7718 976995

Sean Sutton

Partner, Cyber Security, PwC United Kingdom

Tel: +44 (0)7483 407797
