The outbreak of Covid-19 poses a challenge to many businesses across the globe. It also affects information security, as malicious threat actors actively seek to exploit the situation. With the increasing use of remote technology and employees working from home, it is crucial that cybersecurity is included in contingency planning and has the attention of the Board.

Since the worldwide outbreak of Covid-19, there has been an increase in malware using the virus itself as the bait. Cybercriminals try to take advantage of global uncertainty and disruption with additional phishing, online scams and malware installed via Covid-19 heatmaps and social media campaigns.

In light of these insights, we recommend that CIOs and CISOs take the following steps to prepare for the current threat landscape and to protect employees who are working from home.

  • Inform your employees how they can work securely and safely, and how they should handle situations when in doubt
  • Make sure the employees are aware of what the protocol is in case of incidents or doubts
  • Ensure your helpdesk is fully operational
  • Be vigilant for phishing emails or whaling (i.e. phishing attacks which specifically target your CxO level)
  • Ensure that you as CIO and CISO are included in business decisions related to the crisis. Therefore, be part of the crisis management organization and demonstrate your added value as a trusted advisor, as security measures will be challenged or relaxed during the crisis
  • Above all, think in solutions, not in bottlenecks

Organizations that want to protect themselves from this type of crisis must incorporate such scenarios in their periodic risk assessments at board and operational level. No one can argue that the likelihood of this threat is insignificant, and investments to deal with, or avoid, these risks will be wisely applied by senior management.

As a result of Covid-19, most of the increased spending for companies can be traced back to increased demand for infrastructure and tools/software to support staff who are working from home, implemented on short notice. Other cost centers are IT helpdesk facilities and staff.

These additional security measures that were implemented hastily may turn out to be more expensive than under normal circumstances, and these measures can be re-evaluated when business returns to normal.

While the Covid-19 pandemic will significantly impact businesses, most senior management unfortunately still views cybersecurity merely as a cost center rather than a business enabler or business saver. Yet cybersecurity is critical to collective resilience and must be considered foundational.

CIO/CISO guide

Concern over the scale and impact of the Covid-19 pandemic is growing, leading organizations to consider their response and the actions they need to take now to maintain their business. The CIO and CISO have vital roles in making sure the organization can function as pandemic containment measures are implemented.

Cyber in the Boardroom

Countering the current Covid-19 pandemic requires board-level leadership, insight and the right prioritization in decision-making. Investors, governments, and global regulators are increasingly challenging board members to actively demonstrate diligence in the area of cyber security. Regulators expect personal information to be protected and systems to be resilient to both accidents and deliberate attacks. Value chain partners expect a trustworthy and transparent approach to risks. Meanwhile, customers expect that services are available and data is protected when stored or processed by leading organizations. This report provides a step-by-step guide to address cyber-risks at board level.

Operational Resilience during Covid-19

Concern over the scale and impact of the Covid-19 challenge is compelling companies to consider the actions they need to take now to maintain their business. The CISO has key roles to play in helping to support the CIO and ensure their organization can function as containment measures are implemented. As a CISO, you need to help ensure your company’s employees can work remotely and are confident that they will be able to perform their jobs away from the office. Achieving this flexibility may require you to revisit decisions on access rights, entitlements, and risk posture. This report addresses the key questions CISOs must ask themselves in the current phase of the Covid-19 outbreak to ensure cyber and operational resilience.

Six cybersecurity considerations during Covid-19