COVID-19 executive cyber briefing: Read the latest
A weekly look for organizational leaders on the most current cyber threats and trends
A weekly high-level brief that focuses on some of the most current cyber threats and trends as identified by Deloitte Cyber Threat Intelligence (CTI), with near-term recommendations on managing cyber risks to respond, recover and thrive through the COVID-19 global pandemic.
COVID-19 executive cyber briefing: 20 May 2020 | Mounting threats
In recent weeks, several countries have begun to ease their COVID-19 lockdown restrictions. Yet, amid the slow transition toward hybrid work environments that enable both onsite and remote work, pandemic-related cyber threats appear undiminished. Coronavirus-themed cyberattacks have now been confirmed in every country in the world. As this week’s briefing shows, targeted attacks are also on the rise—zeroing in not only on popular applications and platforms, but on industries across the board. With each passing week, the urgent need for heightened security vigilance, employee education, and a cyber risk-aware culture becomes clearer.
Create a cyber-aware culture: With no near-end to COVID-19-related cyber threats in sight, organizations are coming to realize that they must strengthen more than their security technologies and policies. They must also foster an organizational culture that reinforces their cyber risk management program. Ignore the ‘people component’ and employees can become part of the problem, creating attack vectors for bad actors to exploit. This further underscores the need to cultivate a cyber risk-aware culture. Here are some of the basic principles:
This week’s issue highlights the recent string of threats and provides principles of a creating a cyber-aware culture for your organization.
COVID-19 executive cyber briefing: 13 May 2020 | Insider threats
The COVID-19 pandemic has sparked massive workforce transformation. As noted in past weeks, the unprecedented transition of countless employees, contractors, and third parties to remote work has left many organizations unprepared to monitor or detect insider threats that may arise due to unauthorized remote access, the misuse of personal devices, mounting reliance on cloud infrastructure, weak password and authentication policies, unsecure networks and printing equipment and misuse of corporate assets. Just as critically, however, the turbulence created by COVID-19 is proving fertile ground for malicious insiders.
An insider is a person who has the potential to harm an organization for which they have inside knowledge or access. An insider threat can have a negative impact on any aspect of an organization, including employee and/or public safety, reputation, operations, finances, national security, and mission continuity.
Identify high-risk insiders. Typically, the majority of malicious insiders are high-risk individuals who have recently been terminated or furloughed, have a history of IT policy violations, have requested undue access, or who are otherwise disgruntled. However, during this pandemic, organizations should be aware that the impact of COVID-19 could create stressful, desperate, even opportunistic, situations for employees who previously may not have considered such activity. Keep in mind, too, that an insider can be an employee, a contractor, or a vendor that uses their verified access to commit a malicious act.
Read more about how organizations can better identify and prevent insider threat attacks.
COVID-19 executive cyber briefing: 6 May 2020 | Supply Chains
This week’s issue focuses on the rising threats targeting elements of supply chain. With supply chains already feeling impact from the novel coronavirus including reduced operations due to social distancing, and re-tooling operations to make Personal Protective Equipment, additional disruptions from cyber incidents may have a more severe impact to operations. This week, we also highlight the top cyber concerns that manufacturers should be aware of as they look to converge IT and OT across their operations.
Did you know? As many leading manufacturers raced globally to do their part to produce critical COVID-19 supplies such as personal protective equipment and ventilators, even new vaccines, they may become targets of theft or extortion by cyber adversaries looking to exploit vulnerabilities that could lead them to valuable intellectual property. The potential for damage in an operations environment can dramatically affect revenue and may shut businesses down completely.
Read more about how organizations can better secure the supply chain in light of these threats.
COVID-19 executive cyber briefing: 29 April 2020 | Incident Response
This week’s issue focuses on the rise of COVID-19 related cyber attacks, as well as suggested adjustments to cyber incident response (CIR) playbooks and plans in context with recent organizational constraints due to the pandemic.
Did you know? In the past 30 days, there has been an increase in malware and phishing campaigns related to COVID-19, including targeted attacks on known organizations, such as the WHO and Gates Foundation. While the overall volume of threats isn’t increasing, threat actors have increasingly shifted to COVID-19 lures to capitalize on fears around the pandemic. This is evident in the increase of malware samples incorporating COVID-19 themes collected by Deloitte CTI. The lures focused on maps, then personal protective equipment followed by Government incentives
As part of a country’s critical infrastructure, many organizations are now required to meet a variety of cybersecurity and privacy regulations.
Read more about how organizations should secure and remediate in light of these threats.
COVID-19 executive cyber briefing: 22 April 2020 | Data Privacy
This week we highlight a few of the issues and related cyber threats impacting consumers, non-profit organizations as well as healthcare organizations globally. The ongoing COVID-19 pandemic has amplified risk factors by increasing the volume of attacks that target user data and impact their privacy. In addition, the Research from Deloitte Cyber Threat Intelligence (CTI) indicates COVID-19 pandemic responses by healthcare providers and research institutes are hampered by cyber adversaries who are launching cyber-attacks around the globe targeted at critical health care infrastructure.
Did you know? Multiple COVID-19 related watering hole attacks were launched to steal information such as browser cookies, history, payment information, form autofill information and saved login credentials. A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.
Questions on data privacy: As societies transition into the “next normal”, whenever their governments deem the timing right, traditional organizations have some tough decisions to make around how to bring employees and customers back into their businesses. Do they take temperatures, wait for antibody testing, do they ask for health disclosures? Whichever path they choose, there will be considerations to be made around data privacy. This issue provides questions organizations should be asking themselves on data privacy and protection to help start the conversations around creation or collection; analysis and use; storage and processing; sharing and transferring and retention and destruction.
COVID-19 executive cyber briefing: 15 April 2020 | Critical infrastructure
This week’s issue focuses on top trends in cyber impacts to health service providers and health research institutes during COVID-19 pandemic, as well as broader industry agnostic thought leadership on cyber implications in critical infrastructure.
Did you know? The COVID-19 pandemic is changing the definition of critical infrastructure for many countries across the globe. Organizations traditionally considered critical (power and water plants, communications, emergency response, etc.) have been joined by others that were not considered critical or essential– before COVID-19. For example, The US Department of Homeland Security (DHS) added the for-hire transportation sector to its list of “essential critical infrastructure workers” amid the COVID-19 pandemic. New designees also include research labs, supermarkets and other manufacturing and logistics organizations. As an extension of this new alignment, the supply chains of these organizations are also now categorized as critical infrastructure.
As part of a country’s critical infrastructure, many organizations are now required to meet a variety of cybersecurity and privacy regulations. Previously, these organizations had minimal cybersecurity compliance requirements, and those were in the context of ISO quality standards, not government-mandated cybersecurity standards. But now, as part of the country’s critical infrastructure, the organizations are required to meet a variety of cybersecurity and privacy regulations.
Read more about how various sectors are now catching up on their security and compliance requirements.
COVID-19 executive cyber briefing: 6 April 2020 | Remote workforce
This week’s issue focuses on managing cyber in the remote workforce. Many organizations are relying on employees to use personal devices to access company systems and are vulnerable to cyber threats such as:
- Cybercriminals and advanced persistence threat (APT) groups are delivering a wide range of malware variants through unprotected devices and end points
- COVID-19 themed phishing schemes are wreaking havoc for organizations and employees
- Threats have targeted home routers and video and audio-conferencing tools which are creating risk to intellectual property and proprietary conversations.