COVID-19 has reshaped our lives as we know it, and the same goes for hackers’ business models. To learn more about how COVID-19 has changed the cyber issues that corporate leaders need to be thinking about, the Brunswick Group convened (virtually, of course) a group of experts including Michael Rogers, former director of the U.S. National Security Agency and advisor at Brunswick Group, Robert Silvers, partner at Paul Hastings, LLC, and Shawn Henry, president of CrowdStrike® Services and Chief Security Officer, CrowdStrike (watch the video here). Here are our top five things corporate leaders should think about when addressing cyberattacks in this new operating environment:
1. Insiders Will Become a Leading Threat
With many employees fearing layoffs, the current working environment is more likely to generate worried or disgruntled workers who may seek to get back at an employer they feel is not treating them well. Rogers said this “insider piece” will be relevant to company leaders as they reassess current cyber risks. As a result, security policies may need to be reworked to ensure there is increased visibility, access controls and more checks in place across the organization.
2. COVID-19 Is Accelerating Cyber Threats Like Ransomware and Extortion Attacks
Cyberattacks have spiked during the pandemic, as cybercriminals ruthlessly exploit the current situation, and ransomware that locks down company systems continues to be a top choice for hackers. According to Henry, adversaries are adjusting their tactics to attack off-site corporate operations that go beyond data theft and disrupt operations. Traditional workplaces are designed to be resilient against cyberattacks, but the ability to respond rapidly to them is now more challenging.
3. Practice, Practice, Practice
To prepare for a potential cyber incident, companies shouldn’t be thinking about returning to traditional work environments and instead should develop cyber crisis simulations that test a company’s response when much of its workforce is remote. Simulations will help identify gaps in process and security before an incident occurs. Henry noted that understanding what future threats might look like is a good first step, but industry leaders should be hunting for them too. Sharing lessons learned across the industry is now more important than ever.
4. Regulators Are Unlikely to Cut Companies a Break, Especially on Privacy Violations
Regulatory issues will also challenge companies in new ways during and after COVID-19. Silvers said regulators showed some flexibility at the onset of the crisis, but now they are expecting companies to be caught up. The California Consumer Privacy Act and the New York SHIELD Act, for instance, are both in effect, suggesting that companies should expect robust enforcement on privacy and security issues this year.
5. Employee Cyber Education Should Be a Priority
A company’s cyber risk increases substantially when its employees don’t understand cyberthreats and their consequences. Personal IT further complicates this by posing a significant gap in companies’ ability to address attacks quickly and effectively in a remote environment. Rogers said organizations need to fill that gap with accessible guidance to employees. Reliance on home routers is currently unavoidable, which means introducing employees to some basic “best practices” can significantly improve employee vigilance about company security.
COVID-19 has proven that remote work can be efficient but has also exposed vulnerabilities in how to prepare for and address cyber risks. Cyber breach responses will need to adapt and evolve as society adapts and evolves to pandemic life. Corporate leaders have a responsibility to their organizations and their employees to strengthen their cyber incident response protocols so that they can quickly adapt if, and when, an incident hits.
Siobhan Gorman is a Partner in the Washington, DC, office of Brunswick Group, where she concentrates on crisis, cybersecurity, public affairs and media relations. Siobhan has worked on corporate crises across a range of industries, including financial services, healthcare, defense, entertainment, technology and automotive. She is also member of the Advisory Committee for Brown University’s Executive Master in Cybersecurity. Prior to joining Brunswick, Siobhan had a successful 17-year career as a reporter, most recently at the Wall Street Journal.
- For more information on how the CrowdStrike Falcon platform defends against ransomware and other modern attacks, read the white paper “Ransomware, a Growing Enterprise Threat.”
- Learn more about the CrowdStrike Falcon® platform.
- Visit the Falcon Complete™ webpage for information on no-touch managed endpoint protection.
- Visit our COVID-19 and Cybersecurity Resource Center to learn more about securing remote workers.
- Get a full-featured free trial of CrowdStrike Falcon Prevent to see how true next-gen AV performs against today’s most sophisticated threats.