Perspectives

COVID 19: Cyber considerations amid a global pandemic

Fundamental Cyber Strategy considerations

As the effects of the Coronavirus are felt around the world, the primary focus of governments and businesses is the safety of their citizens, employees, and customers. Meanwhile, cyber attackers are impersonating health organisations (for example: World Health Organization, healthcare organisations, etc) and other government entities, in malicious email campaigns designed to invoke fear, hoping to trigger action that will provide them opportunity to gain access to systems and sensitive information. A carefully considered approach will enable an organisation to proactively address cyber challenges during an extraordinary event.

Cyber considerations amid extraordinary events 

As organisations recommend employees work remotely there is increased use of mobile devices and remote access to core business systems, proactive measures may enhance user experiences and security for remote access, safely enabling opportunities for telework. Unprotected devices could lead to the loss of data, privacy breaches, and systems being held at ransom. Organisations should:

  • enforce a consistent layer of multi-factor authentication (MFA) or deploy a step-up authentication depending on the severity of access requests.
  • ensure identity and access management processes fully secure third-party identities access networks. 
  • have a comprehensive view of privileged identities within their IT environments, including a procedure to detect, prevent, or remove orphaned accounts. 


Increase awareness of threats 

Phishing campaigns related to COVID-19 are increasing and well disguised as reputable health organisations, for example. Organisations should remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Attacks like these can propagate quickly and extensively impact.


Manage your cyber resilience

Organisations can improve their defense posture and attack readiness with good cyber hygiene, incident response strategy, architecture and implementation of cyber recovery solutions to mitigate the impact of cyber-attacks. A viable cyber resiliency program expands the boundaries of traditional risk domains to include new capabilities like employee support services; out-of-band communication and collaboration tools; and a cyber recovery vault.

No matter the event or circumstance, Deloitte helps organisations to strategically prepare for, respond to, recover and transform from high-consequence cyber incidents that could seriously disrupt operations, damage reputation, and destroy shareholder value. Cyber strategies should converge across business, operations, business continuity/technical resilience, and crisis management functions as well as employ unique methods that reveal network exposures, detection of advanced threats, and discovering systemic Incident Response process gaps.

Cyber Strategy Framework

Manage your cyber resilience during Covid-19

Discover more
Did you find this useful?