Beyond human health, COVID-19 has taken an equally big toll on nations’ wealth, opening a gateway for cybercriminals to look for new vulnerabilities and creating a perfect breeding ground for cyberattacks while exploiting the fear, panic and disruptions.
Since February, there has been a 4,300% jump in coronavirus-themed spam, according to a recent study by the Ponemon Institute and IBM. Virus-themed sales of malware have spiked in the dark web and rapidly created COVID-19-related domains are 50% more likely to be malicious compared to other domains registered during the same period.
Cybersecurity has been an important business imperative for many years, with 57% of ASEAN respondents in the Ponemon study having experienced significant disruption in the past 24 months due to malicious actors. With the rapidly changing business and digital security landscape post-COVID, cyber resilience has gained even more importance across the region, especially so in Singapore, due to its high Internet adoption and digitalisation.
Given its sound regulatory policies and organisational readiness as well as past high-profile data breaches, Singapore has invested heavily in its cybersecurity capabilities. Nevertheless, hackers were able to infiltrate a live Zoom session in a local school, providing a cautionary tale for all businesses and government agencies in the region.
With many in the workforce still working from home during phase 2 of the Circuit Breaker, accessing corporate networks via personal devices combined with a lack of security equipment or protocols to enable digital safety have heightened the potential security threats for businesses.
Recently the Singapore Computer Emergency Response Team (SingCERT) warned the public of such a scheme where a spoofed Ministry of Manpower email address was used. Attackers are using social engineering ploys to masquerade phishing attacks as originating from legitimate institutions.
As people congregate on cloud-based productivity platforms – both for work and personal reasons, we will see more and more malicious actors launch targeted schemes to exploit the situation.
Weak links
Being prepared for the unforeseeable is a key component for business continuity in a crisis, ensuring that operations are not compromised due to ad-hoc decision-making.
Yet, 76% of global and 23% of ASEAN companies do not have an incident response plan applied consistently across the organisation, according to the Ponemon study. Alarmingly, 25% worldwide and 23% in ASEAN reported not having any crisis response or mitigation plans, or CSIRP (Cyber Security Incident Response Plan), which define how crisis response should be handled across the firm, including strategy, technology, and operations.
In an interconnected digital world, one weak link is enough to offset the balance and most organisations in Asia and globally remain ill-equipped to handle a major cybersecurity incident, much less during a global crisis such as a global pandemic.
How can you keep your organisation safe? Policies around employees using work-issued laptops or phones provide you with a stronger security posture. There are three phases in an effective CSIRP that companies can adopt:
Phase 1: Align operations
Start with building a team and creating a CSIRP that is regularly updated to reflect the current environment. Conducting regular crisis response drills allows companies to adjust their decision-making process and provides an opportunity to learn from mistakes.
Failure during crisis simulation is infinitely more valuable – and less costly – than failure during an actual crisis. Make the unexpected a part of every drill to improve and fine-tune the team’s capacity for collaborative problem solving and ingenuity.
Phase 2: Run the playbook
During a crisis, executives and security teams need to filter available information to quickly make sound decisions. Borrowing principles originally developed by military strategists, companies can incorporate tactical operations techniques such as “observe, orient, decide, and act,” known as the “OODA loop”.
Incorporating that approach, complex problems should be broken down into constituent parts with terminology and communication protocols standardised. Leaders should set an example by combining soft and hard skills, demonstrating consideration and empathy, as well as technical acumen. However, they need to foster teamwork by taking stock of everyone’s strengths and leveraging the diversity of every members’ skillset.
Most important is the need for honest and transparent communication, especially with senior leaders and stakeholders. Threats to the business need to be defined in concrete terms, as well as determining if the more specialised resource should be assigned. Key lessons for the future crisis should be drawn from this exercise and they need to be communicated clearly to the senior leadership.
Phase 3: Invest in new capabilities
The average total cost of a data breach is US$3.92million, according to IBM’s “2019 Cost of a Data Break Report”, making early detection and response vital for a company’s financial security.
Security automation allows specialists to focus on threats that require deeper analysis, which has shown to cut the cost of a breach nearly in half. Cloud-based security services can monitor traffic over an operational footprint far larger than any single firm. With modern telemetry and log file capture solutions, attack vectors can be modelled, signatures created, and breaches re-created, even after the fact.
Cyber-resilient organisations operate in a continuous cycle of discovery, learning, adaptation, and iteration. In times of crisis, effective threat remediation comes down to the ability of individuals to work together on complex, often intractable problems. Cyber-resilient organisations prioritise security as a strategic tool and take steps to mitigate a cyber-attack early on.
The bottom line: COVID-19 has put the world on notice
As with any great upheaval, lessons learnt should be used to improve future responses. The Ponemon study revealed that only 1 out of 4 organisations rated their cyber-resilience as high, and just over half of ASEAN respondents improved their organizations’ cyber resilience in the past year, leaving a high number of businesses at risk to be exploited by cybercriminals.
Cyberattacks have become part of the daily lives of businesses and individuals, and the pandemic has demonstrated again that cybercriminals are willing to exploit human turmoil to profit off it. In the new post-pandemic world, it’s more important than ever for organisations to take cybersecurity seriously, to be on guard against potential breaches, and use every tool at their disposal to keep their data safe.
