Growing Cyber Risk Amid COVID-19

Remote working has become the new normal for many organizations as they continue to cope with the COVID-19 global pandemic. According to a March 17th Gartner, Inc. survey, 88% of organizations have employees working from home. While the usual cyber risks for organizations remain, enhanced risks are rapidly growing. Unfortunately, in this time of crisis, it is prime time for cyber criminals to wreak havoc attempting to capitalize on the increased demand  for information and guidance. In response, U.S. and international agencies have issued a slew of warnings about impersonators using the pandemic to steal money and personal information or to distribute malware.

Enhanced Risks

Phishing Scams and Ransomware Attacks

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert on April 8, citing an increase in phishing campaigns utilizing COVID-19 themes to lure in victims. Phishing is a type of cyber fraud where a malicious cyber actor poses as a trusted source to gain access to sensitive information, such as usernames, passwords, and credit card numbers.

Phishing attempts are typically made by email. NCSC and CISA offered a list of known malicious activity, as well as guidance for avoiding cyber scams and suspicious emails. These emails often contain a “call to action” and encourage victims to visit a website that is used to steal user data.

In regards to ransomware, Interpol’s Cybercrime Threat Response team has detected a significant increase of attacks against key organizations and infrastructure responding to the COVID-19 pandemic. Interpol has issued a Purple Notice to police in its 194 member countries alerting them to the heightened ransomware threat.

Ransomware is a type of malware—or malicious software—that denies access to a computer system or data until a ransom is paid. According the CISA, ransomware is typically spread through phishing emails or visiting infected websites. Interpol notes that typical phishing emails fraudulently claim to be from government agencies and contain false information or advice regarding COVID-19.

For cyber criminals, the goal is to monetize security lapses in any way possible.

Between March 1 and March 23, Barracuda Sentinel detected 467,825 spear-phishing email attacks, and 9,116 of those detections were related to COVID-19, representing about 2% of attacks. In comparison, a total of 1,188 coronavirus-related spear-phishing attacks were detected in February, and just 137 were detected in January.

Barracuda researchers have seen three main types of phishing attacks using COVID-19 themes — scamming, brand impersonation, and business email compromise. Of the COVID-19-related attacks detected by Barracuda Sentinel through March 23, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail, and 1% were business email compromise.

Operational Disruption

Increased remote access is putting stress on company networks. This poses another area of heightened risk – operational disruption due to lack of connectivity. Underlying causes may be security or system failure and may result in prolonged down time.

Best Practices for Businesses

After several weeks of remote work has tested the strength of IT systems and cybersecurity, businesses should continually review and update business continuity plans and consider the following possible best practices:

1. Risk and Governance Come from the Top. Senior management should understand technology being deployed and arrangements being made to combat the emergency. Management must make clear that security must be considered throughout new work activities.
2. Review IT System Security. Confirm with your IT department that the appropriate resources and attention are being directed to defend against risks to your organization’s cyber systems and work from home arrangements. New software should be tested and investigated before being trusted with confidential information.
3. Carefully explain how employees are expected to utilize systems in a work from home environment. Employees should be instructed on how to access systems and be reminded of cybersecurity precautions to utilize while working remotely, including taking care with respect to their surroundings, phone calls, printing, and system access.
4. Implement multi-factor authentication on all remote systems to ensure that access is limited to legitimate, trustworthy personnel. Remind employees of the importance of these systems and having authentication mechanisms, including any required tokens, available and kept secure.
5. Strengthen Passwords. Remind employees of the importance of keeping up-to-date and strong passwords and protecting those passwords when using their systems in remote locations.
6. Warn Employees About Phishing. Raise employee awareness of malicious cyber actors using fear over COVID-19 to design phishing emails attempting to trick victims into revealing information. Remind employees of the importance of taking steps to avoid phishing and social engineering attempts to breach their systems and that they should never click on links in unsolicited emails or reveal personal or financial information in response to emails.
7. Manage Third-Party Vendors. Check in with key third-party service providers to ensure readiness and planning. In the event of their own increased customer demands, do vendors you rely on have the right plans in place?
8. Review Regulatory Obligations. Businesses should consider regulatory obligations, including any reporting obligations that they may have. Arrangement should be made for any regulatory reporting that may need to be required, including testing whether there are secure remote systems for such reporting. Confirm that COVID-19-related scams are being identified and reported.

Cyber Insurance

Carefully review your Cyber policy as there are numerous coverage solutions that could apply.

• Cyber Crime: Reimburses for loss of funds associated with phishing exploits.
• Network Business Interruption: Indemnifies for loss of income due to down time caused by a Cyber event (subject to a waiting period).
• Cyber Extortion / Ransomware: Funds investigative expenses and ransom payments.
• Incident Response: Covers expenses to hire 3 party consultants (legal counsel, forensic investigators and crisis management firms) in the event of an actual or suspected breach.

If you fall victim to a phishing or ransomware event or suffer a cyber breach, please contact your ABD representative as soon as possible. Please be mindful of strict claim reporting requirements in your policy that could preclude coverage. Timely reporting is key!