2 minute read
Cyber SIG
Magdalena Woloch, CFIRM
Cyber risk a key heightened risk during this pandemic and is showing up in Board packs in Q2. Many companies are in the process of assessing their cyber risk profiles in the full work from home operating environment which seemed to have happened overnight. Activities including trading, customer service, recruiting and financial statement preparations are all being done from home. Although working from home wasn’t entirely foreign, it was never so wide spread and in many cases was not considered (or tested) in business continuity plans. There are some notable risks that have come to the forefront of the cyber risk conversation:
> The increase in volume in working from home, has created many vulnerabilities as many firms acted quickly to get the hardware availability in a short period of time to enable business as usual to continue as seamlessly as possible. Most cyber security programs were already mature due to the heavy regulatory focus, but vulnerabilities have been found. The volume and nature of malware and phishing attacks is one of the key concerns. IT security functions are taking action by increasing their own internal campaigns to ensure staff make active decisions around their clicking activities > The United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of
Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has issued a joint advisory warning that “an increasing number of malicious cyber actors are exploiting the current
Covid-19 pandemic for their own objectives. In the UK, the NCSC has detected more UK government branded scams relating to Covid-19 than any other subject.” Although they also state from the data seen to date, the overall levels of cyber-crime have not increased > The constant need for communications through meetings, catch ups , quizzes and even weddings has shown a huge opportunity for growth for online communication platforms like Microsoft Teams and
Zoom. These security platforms are being closely and publicly scrutinized for their security capabilities as companies and people privately adopt the platforms > In the social media landscape, we are seeing campaigns of misinformation about the virus. Facebook,
Google, LinkedIn, Microsoft, Reddit, Twitter and YouTube have issued a joint statement that they are
“jointly combating fraud and misinformation about the virus, elevating authoritative content on their platforms, and sharing critical updates in coordination with government health agencies around the world”
> Third party and supply chain cyber risk has also been a popular topic over the last few years which has is also heightened. We can liken this issue to the need for everyone to wear a protective mask to protect others they connect with from catching the virus With this increased risk, IT cyber security teams are working around the clock to ensure that risks are mitigated. As we aim to ensure we are protected, we continue to innovate and use technology to help solve problems. Opportunities for innovation have appeared most notably in the tracing apps that may soon be worldwide in their use, these especially have cyber security related challenges. Challenges such as the European Commission lead #EUvsVirus aiming to develop innovative solutions for Coronavirus related challenges are also appearing and may prove to be helpful. We will soon see how the world will change post this crisis, cyber and technology will surely be included as a notable risk and opportunity from which will see many lessons learned.
