Enterprises across the globe are more vulnerable than ever to cyber attacks arising from the pandemic.
As the COVID-19 pandemic sweeps the world, businesses are adapting to a new “business as usual” model to minimize the health risks associated with employees and customers being in close physical contact. This adaptation has pushed millions into remote working structures or online interactions between customers and businesses. With this change in behavior come additional information security risks to the confidentiality, integrity, and availability of key information systems.
To help EY clients manage these risks, we’ve identified the risk drivers and business challenges, and outlined five risk mitigations that can help an enterprise be cyber resilient.
The surge of teleworking increases risks
As Information Technology (IT) teams scramble to enable remote working infrastructure, the pressure to ensure they can respond to the increased volume of requests from the business can result in some IT teams and/or users bypassing information security best practices. Look out for these challenges:
- Users unhappy or unfamiliar with approved telework solutions may install their own or set up “shadow IT” – in other words, unmanaged software and assets without corporate information security and privacy controls.
- IT teams may defer patches on critical assets to keep network operations stable and available. The increased load on telework-enabling resources may limit allowable downtime for patching.1
- Ensuring connectivity between cross-enterprise resources could circumvent segmentation, resulting in “network flattening.” Segmentation would ordinarily prevent or detect a threat actor who has gained access to a network from traversing to critical IT assets without passing through multiple layers of security.
Dispersal of previously in-person activities and processes is an enterprise challenge that requires adaptation of business processes and flexibility to keep business-as-usual activities operating.
- Enterprises that monitor or restrict certain activity — such as highly privileged activities like account creation, deletion, and security setting modifications — to on-premises systems are forced to adapt procedures and enable remote administration. This new remote traffic changes the network baseline, which requires tuning of advanced security analytics platforms that monitor remote traffic. As new baselines are established, these analytics will need regular monitoring and adjustment to spot anomalous, possibly malicious network traffic.
- The surge of remote work increases load on IT support teams, with teleworking users repeatedly contacting the Help Desk, creating pressure to skip authentication or authorization steps in order to deal with the increase in call volumes. Further, physical presence requirements for IT services become infeasible, so services such as laptop upgrades, certificate issuances, or hardware repairs must be deferred.
- In addition to employees and customers facing these challenges, an enterprise’s third-party suppliers or contractors also introduce additional volumes of the risks described above.