Article

COVID-19 executive cyber briefing

A weekly high-level brief for organizational leadership that focuses on some of the most current cyber threats and trends as identified by Deloitte Cyber Threat Intelligence (CTI), with near-term recommendations on managing cyber risks to respond, recover and thrive through the COVID-19 global pandemic.

COVID-19 executive cyber briefing: Issue 6 | Cyber insider threats

This week's issue focuses on the rise of COVID-19 related cyber threats to insider threat, as well as suggested adjustments to cyber security risk management in context with recent organizational constraints due to the pandemic.

Did you know?
The COVID-19 pandemic has sparked massive workforce transformation. As noted in past weeks, the unprecedented transition of countless employees, contractors, and third parties to remote work has left many organizations unprepared to monitor or detect insider threats that may arise due to unauthorized remote access, the misuse of personal devices, mounting reliance on cloud infrastructure, weak password and authentication policies, unsecure networks and printing equipment and misuse of corporate assets. Just as critically, however, the turbulence created by COVID-19 is proving fertile ground for malicious insiders.

Insider threats
In fact, the average cost of insider threats catapulted by over 30 percent in the past two years, to $11.45 million annually. This week we highlight the growing risk of malicious insider threats. 92% of insider threat cases were preceded by a negative work event, such as a termination, demotion, or dispute with a supervisor.59% of employees who leave an organization voluntarily or involuntary say they take sensitive data with them.

An insider is a person who has the potential to harm an organization for which they have inside knowledge or access. An insider threat can have a negative impact on any aspect of an organization, including employee and/or public safety, reputation, operations, finances, national security, and mission continuity.

Issue 6: Cyber insider threats

COVID-19 executive cyber briefing: Issue 5 | Supply Chains

This week's issue focuses on the rise of COVID-19 related cyber threats to supply chains, as well as suggested adjustments to cyber security risk management in context with recent organizational constraints due to the pandemic.

Did you know? 
In the past 60 days, there has been an increase in attacks to supply chain related to COVID-19, including targeted attacks on known organizations (e.g., UPS). The organization should define security requirements and having a cyber-risk management program to evaluate third-party (and even fourth-party) services can reduce the risk of attacks on their supply chains.

The cyber threats to supply chains
Manufacturing industry consistently featured among the most frequently targeted industries. Surveyed indicated that 40% of manufacturers had their operations affected by a cyber-incident in the past 12 months. Average financial impact from an loT-focused cyber incident is $330,000. Average financial impact from a data breach in 2018 is $7.5M. Meanwhile, cyber vulnerabilities in supply chain are on the rise.

With supply chains already facing risks of shutdown, reduced operations forward in these due to social distancing, and re-tooling operations to make Personal Protective Equipment, additional disruptions from cyber incidents may have a more severe impact.

Issue 5: Supply Chains

COVID-19 executive cyber briefing: Issue 4 | Incident Response

This week’s issue focuses on the rise of COVID-19 related cyber attacks, as well as suggested adjustments to cyber incident response (CIR) playbooks and plans in context with recent organizational constraints due to the pandemic.

Did you know? In the past 30 days, there has been an increase in malware and phishing campaigns related to COVID-19, including targeted attacks on known organizations, such as the WHO and Gates Foundation. While the overall volume of threats isn’t increasing, threat actors have increasingly shifted to COVID-19 lures to capitalize on fears around the pandemic. This is evident in the increase of malware samples incorporating COVID-19 themes collected by Deloitte CTI. The lures focused on maps, then personal protective equipment followed by Government incentives. Many organizations are also required to meet a variety of cybersecurity and privacy regulations.

Cyber Incident Response: In preparing for the inevitable cyber incident involves more than preparing to react— to merely neutralize a one-off attack. It involves the ability to respond effectively and repeatedly—to plan proactively, to defend your critical systems and data assets vigorously, to get ahead of evolving threats, and to recover thoroughly when attacks do occur. During this time of COVID-19, cyberattacks can increasingly take a toll on corporate balance sheets when they can least afford it.  A strong cyber incident response (CIR) capability adapted to social distancing restrictions becomes essential for businesses. Cyber adversaries are looking for opportunities and will exploit opportunities presented by the COVID-19 phases. 

Issue 4: Cyber impact: Incident Response

COVID-19 executive cyber briefing: Issue 3 | Data Privacy

This week we highlight a few of the issues and related cyber threats impacting consumers, non-profit organizations and healthcare organizations globally. The ongoing COVID-19 pandemic has amplified risk factors by increasing the volume of attacks targeting user data and threatening privacy. In addition, research from Deloitte Cyber Threat Intelligence (CTI) indicates COVID-19 pandemic responses by healthcare providers and research institutes are hampered by cyber adversaries who are launching cyber-attacks across the globe targeted at critical healthcare infrastructure.

Did you know?  Multiple COVID-19 related "watering hole" attacks have been launched to steal information including browser cookies, page histories, payment information, form autofill information and saved login credentials. A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites group members are known to visit.

Questions on data privacy: As societies transition to the “next normal”, whenever their governments deem the timing right, traditional organizations have tough decisions to make around how to bring employees and customers back into their businesses. Do they take temperatures, wait for antibody testing, or ask for health disclosures? Whichever path they choose, there will be considerations around data privacy. This cyber briefing sets out the questions organizations should ask themselves about data privacy and protection, helping to start conversations on data creation and collection; analysis and use; storage and processing; sharing and transferring; retention and destruction.

Issue 3: Cyber impact: Data Privacy

COVID-19 executive cyber briefing: Issue 2 | Critical infrastructure

This week’s issue focuses on top trends in cyber impacts to health service providers and health research institutes during COVID-19 pandemic, as well as broader industry agnostic thought leadership on cyber implications in critical infrastructure.

Did you know? The COVID-19 pandemic is changing the definition of critical infrastructure for many countries across the globe. Organizations traditionally considered critical (power and water plants, communications, emergency response, etc.) have been joined by others that were not considered critical or essential– before COVID-19. For example, The US Department of Homeland Security (DHS) added the for-hire transportation sector to its list of “essential critical infrastructure workers” amid the COVID-19 pandemic. New designees also include research labs, supermarkets and other manufacturing and logistics organizations. As an extension of this new alignment, the supply chains of these organizations are also now categorized as critical infrastructure.

As part of a country’s critical infrastructure, many organizations are now required to meet a variety of cybersecurity and privacy regulations. Previously, these organizations had minimal cybersecurity compliance requirements, and those were in the context of ISO quality standards, not government-mandated cybersecurity standards. But now, as part of the country’s critical infrastructure, the organizations are required to meet a variety of cybersecurity and privacy regulations.

Read more about how various sectors are now catching up on their security and compliance requirements.

Issue 2: Cyber impact: Critical infrastructure

COVID-19 executive cyber briefing: issue 1 | Remote workforce

This week’s issue focuses on managing cyber in the remote workforce. Many organizations are relying on employees to use personal devices to access company systems and are vulnerable to cyber threats such as:

  • Cybercriminals and advanced persistence threat (APT) groups are delivering a wide range of malware variants through unprotected devices and end points
  • COVID-19 themed phishing schemes are wreaking havoc for organizations and employees
  • Threats have targeted home routers and video and audio-conferencing tools which are creating risk to intellectual property and proprietary conversations.
Issue 1: Cyber impact: Remote workforce

Contact Us


National Cyber Risk Leader

Xue, Tonny
Partner, RA Cyber Risk
Tel: +86 10 8520 7315
Email: tonxue@deloitte.com.cn


Eastern Region

Feng, Steven Ye
Partner, RA Cyber Risk
Tel: +86 21 6141 1575
Email: stefeng@deloitte.com.cn

Jiang, David Wei
Partner, RA Cyber Risk
Tel: +86 21 2312 7088
Email: davidjiang@deloitte.com.cn

Kukreja, Puneet
Partner, RA Cyber Risk
Tel: +86 21 3313 8338
Email: puneetkukreja@deloitte.com.cn

Shih, Nathan Pei-en
Partner, RA Cyber Risk
Tel: +86 21 3313 8366
Email: nathanshih@deloitte.com.cn

Zhang, Boris Zhen
Partner, RA Cyber Risk
Tel: +86 21 6141 1505
Email: zhzhang@deloitte.com.cn


Northern Region

Xue, Tonny
Partner, RA Cyber Risk
Tel: +86 10 8520 7315
Email: tonxue@deloitte.com.cn

He, Tommy Xiaoming
Partner, RA Cyber Risk
Tel: +86 10 8512 5312
Email: the@deloitte.com.cn

Xiao, Frank Tengfei
Partner, RA Cyber Risk
Tel: +86 10 8512 5858
Email: frankxiao@deloitte.com.cn


Southern Region, Mainland

He, Vivi Wei
Partner, RA Cyber Risk
Tel: +86 755 3353 8697
Email: vhe@deloitte.com.cn


Southern Region, HongKong

Pihkanen, Miro
Partner, RA Cyber Risk
Tel: +852 2852 6778
Email: miropihkanen@deloitte.com.hk

Kwok, Eva Yee Ngar
Partner, RA Cyber Risk
Tel: +852 2852 6304
Email: evakwok@deloitte.com.hk

Ma, Luke Kwok Kwan
Partner, RA Cyber Risk
Tel: +852 2852 1086
Email: lukema@deloitte.com.hk

Did you find this useful?