“Hackers are taking advantage of collective anxiety about COVID-19,” says Vivek Gupta, a BDO partner in Cybersecurity. “Human behaviour can be the weakest—or the strongest—link protecting us from unwanted outcomes.”
Determined to flatten the curve of this second surge of coronavirus, Canadians are again acting in social solidarity—working from home, leaving only for necessities, medical care, or to attend to more vulnerable members of our communities.
During the second wave of COVID-19 cases, there is a second vulnerability we need to build a human firewall to prevent from further spiking—cyber breaches.
The Canadian Centre for Cybersecurity has noted an increase in reports of malicious actors using the CoronaVirus (COVID-19) in phishing campaigns and malware scams through 2020.
A cyber incident during a crisis—while most employees work remotely and place more demands on infrastructure and IT—could have far-reaching impacts.
We need to secure our businesses and protect our personal information.
The COVID-19 pandemic is a time to go back to basics, to good digital hygiene—not opening emails without confirming the sender, for instance, even when it claims to offer critical information about how to respond to the crisis. Cybercriminals are exploiting increased interest in learning about novel coronovirus.
Before the first diagnosis of COVID-19, Canada already had among the highest costs associated with cyber breaches. The average cost of a breach for all Canadian businesses, US$4.4 million, is about $500,000 higher than the global average of US$3.92 million, according to a July 2019 Ponemon Institute report.
Your organization may be able to negate the impact of a breach if it is cyber-resilient.
Cyber-resilience strengthens your company's capacity to resist attacks and enables it to continue to function if, or when, an incident takes place—even during a global crisis.
5 tactics to be cyber-resilient during the COVID-19 pandemic—and after it ends
There are three factors that influence cyber-resilience—people, processes, and technology. Our tactics consider all three, and are relevant to all industries, operating business-as-usual or during this unprecedented global pandemic
1) (Re)establish an organizational culture of cybersecurity—Support all employees in following cybersecurity policies, processes, and procedures through comprehensive cybersecurity awareness, education, and (re)training programs (with a focus on the most prevalent forms of cyber-attack during the COVID-19 pandemic—spear-phishing campaigns, for instance)
2) Implement advanced cyber-diagnostic assessments attuned to the risks malicious actors are presenting during the pandemic, including:
- Email cyber-attack assessments
- Spear-phishing campaigns
- Network and endpoint cyber-attack assessments
- Vulnerability scanning assessments
- Penetration testing
3) Create a cyber-breach incident-response plan—Develop and test an enterprise-wide information-system incident-response plan to identify, contain, eradicate, and quickly recover from cyber-attacks.
4) Ensure information-system resilience—Implement and test an enterprise-wide business-continuity plan (BCP) and disaster-recovery plan (DRP).
5) Conduct 24 x 7 x 365 Monitoring, Detection, and Response (MDR) —Continually monitor, detect, and respond to all cyber incidents impacting email systems, networks, software applications, and all information-system endpoints using advanced security information event management (SIEM) software, data-visualization tools, automation, and artificial-intelligence (AI) capabilities.
To develop a threat-based cybersecurity strategy specific to your business and the second wave of the COVID-19 crisis, contact us.