Building a human firewall: how to be cyber-resilient during the COVID-19 pandemic

March 18, 2020

Determined to flatten the curve of the coronavirus spread, Canadians are acting in social solidarity—working from home, leaving only for necessities, medical care, or to attend to more vulnerable members of our communities.

There is a second vulnerability we need to build a human firewall to prevent from further spiking during the COVID-19 pandemic—cyber breaches.

The Canadian Centre for Cybersecurity has noted an increase in reports of malicious actors using the CoronaVirus (COVID-19) in phishing campaigns and malware scams.

“Hackers are taking advantage of collective anxiety about COVID-19,” says Vivek Gupta, national cybersecurity lead for BDO Consulting. “Human behaviour can be the weakest—or the strongest—link protecting us from unwanted outcomes.”

The impact of a cyber incident during a crisis—while most employees work remotely and place more demands on infrastructure and IT—could have far-reaching impacts.

The COVID-19 pandemic is a time to go back to basics, to good digital hygiene—not opening emails without confirming the sender, for instance, even when it claims to offer critical information about how to respond to the crisis. Cybercriminals are exploiting increased interest in learning about novel coronovirus.

Before the first diagnosis of COVID-19, Canada already had among the highest costs associated with cyber breaches. The average cost of a breach for all Canadian businesses, US$4.4 million, is about $500,000 higher than the global average of US$3.92 million, according to a July 2019 Ponemon Institute report.

Your organization may be able to negate the impact of a breach if it is cyber-resilient.

Cyber-resilience strengthens your company’s capacity to resist attacks and enables it to continue to function if, or when, an incident takes place—even during a global crisis.

5 tactics to be cyber-resilient during the COVID-19 pandemic

There are three factors that influence cyber-resilience—people, processes, and technology. Our tactics consider all three, and are relevant to all industries, operating business-as-usual or during this unprecedented global pandemic

1) (Re)establish an organizational culture of cybersecurity—Support all employees in following cybersecurity policies, processes, and procedures through comprehensive cybersecurity awareness, education, and (re)training programs (with a focus on the most prevalent forms of cyber-attack during the COVID-19 pandemic—spear-phishing campaigns, for instance)

2) Implement advanced cyber-diagnostic assessments attuned to the risks malicious actors are presenting during the pandemic, including:

  • Email cyber-attack assessments
  • Spear-phishing campaigns
  • Network and endpoint cyber-attack assessments
  • Vulnerability scanning assessments
  • Penetration testing

3) Create a cyber-breach incident-response plan—Develop and test an enterprise-wide information-system incident-response plan to identify, contain, eradicate, and quickly recover from cyber-attacks.

4) Ensure information-system resilience—Implement and test an enterprise-wide business-continuity plan (BCP) and disaster-recovery plan (DRP).

5) Conduct 24 x 7 x 365 Monitoring, Detection, and Response (MDR) —Continually monitor, detect, and respond to all cyber incidents impacting email systems, networks, software applications, and all information-system endpoints using advanced security information event management (SIEM) software, data-visualization tools, automation, and artificial-intelligence (AI) capabilities.

To develop a threat-based cybersecurity strategy specific to your business, contact us.

This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our privacy statement for more information on the cookies we use and how to delete or block them.