COVID-19 executive cyber briefing: Read the latest

COVID-19 executive cyber briefing: 6 May 2020 | Supply Chains

This week’s issue focuses on the rising threats targeting elements of supply chain. With supply chains already feeling impact from the novel coronavirus including reduced operations due to social distancing, and re-tooling operations to make Personal Protective Equipment, additional disruptions from cyber incidents may have a more severe impact to operations. This week, we also highlight the top cyber concerns that manufacturers should be aware of as they look to converge IT and OT across their operations. 

Did you know? As many leading manufacturers raced globally to do their part to produce critical COVID-19 supplies such as personal protective equipment and ventilators, even new vaccines, they may become targets of theft or extortion by cyber adversaries looking to exploit vulnerabilities that could lead them to valuable intellectual property. The potential for damage in an operations environment can dramatically affect revenue and may shut businesses down completely.    

Read more about how organizations can better secure the supply chain in light of these threats.

COVID-19 executive cyber briefing: 29 April 2020 | Incident Response

This week’s issue focuses on the rise of COVID-19 related cyber attacks, as well as suggested adjustments to cyber incident response (CIR) playbooks and plans in context with recent organizational constraints due to the pandemic.

Did you know? In the past 30 days, there has been an increase in malware and phishing campaigns related to COVID-19, including targeted attacks on known organizations, such as the WHO and Gates Foundation. While the overall volume of threats isn’t increasing, threat actors have increasingly shifted to COVID-19 lures to capitalize on fears around the pandemic. This is evident in the increase of malware samples incorporating COVID-19 themes collected by Deloitte CTI. The lures focused on maps, then personal protective equipment followed by Government incentives
As part of a country’s critical infrastructure, many organizations are now required to meet a variety of cybersecurity and privacy regulations.

Read more about how organizations should secure and remediate in light of these threats.

COVID-19 executive cyber briefing: 22 April 2020 | Data Privacy

This week we highlight a few of the issues and related cyber threats impacting consumers, non-profit organizations as well as healthcare organizations globally. The ongoing COVID-19 pandemic has amplified risk factors by increasing the volume of attacks that target user data and impact their privacy. In addition, the Research from Deloitte Cyber Threat Intelligence (CTI) indicates COVID-19 pandemic responses by healthcare providers and research institutes are hampered by cyber adversaries who are launching cyber-attacks around the globe targeted at critical health care infrastructure.

Did you know? Multiple COVID-19 related watering hole attacks were launched to steal information such as browser cookies, history, payment information, form autofill information and saved login credentials. A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.

Questions on data privacy: As societies transition into the “next normal”, whenever their governments deem the timing right, traditional organizations have some tough decisions to make around how to bring employees and customers back into their businesses. Do they take temperatures, wait for antibody testing, do they ask for health disclosures? Whichever path they choose, there will be considerations to be made around data privacy. This issue provides questions organizations should be asking themselves on data privacy and protection to help start the conversations around creation or collection; analysis and use; storage and processing; sharing and transferring and retention and destruction.

COVID-19 executive cyber briefing: 15 April 2020 | Critical infrastructure

This week’s issue focuses on top trends in cyber impacts to health service providers and health research institutes during COVID-19 pandemic, as well as broader industry agnostic thought leadership on cyber implications in critical infrastructure.

Did you know? The COVID-19 pandemic is changing the definition of critical infrastructure for many countries across the globe. Organizations traditionally considered critical (power and water plants, communications, emergency response, etc.) have been joined by others that were not considered critical or essential– before COVID-19. For example, The US Department of Homeland Security (DHS) added the for-hire transportation sector to its list of “essential critical infrastructure workers” amid the COVID-19 pandemic. New designees also include research labs, supermarkets and other manufacturing and logistics organizations. As an extension of this new alignment, the supply chains of these organizations are also now categorized as critical infrastructure.

As part of a country’s critical infrastructure, many organizations are now required to meet a variety of cybersecurity and privacy regulations. Previously, these organizations had minimal cybersecurity compliance requirements, and those were in the context of ISO quality standards, not government-mandated cybersecurity standards. But now, as part of the country’s critical infrastructure, the organizations are required to meet a variety of cybersecurity and privacy regulations.

Read more about how various sectors are now catching up on their security and compliance requirements.

COVID-19 executive cyber briefing: 6 April 2020 | Remote workforce

This week’s issue focuses on managing cyber in the remote workforce. Many organizations are relying on employees to use personal devices to access company systems and are vulnerable to cyber threats such as:

• Cybercriminals and advanced persistence threat (APT) groups are delivering a wide range of malware variants through unprotected devices and end points
• COVID-19 themed phishing schemes are wreaking havoc for organizations and employees
• Threats have targeted home routers and video and audio-conferencing tools which are creating risk to intellectual property and proprietary conversations.