The coronavirus crisis is already shaping up to be one of the biggest threats to businesses in living memory. Alongside the number one priority of keeping employees safe and minimising the spread of the virus, beleaguered c-suites around the world have many other challenges to consider as they evaluate their risk management strategies.
What will the impact be on the business with most of the workforce working from home? Oxial is set up and structured to be fully operational with our teams working from home, but others might not be. Many corporate Financial Services (FS) firms still rely on personal relationships; will this still work over the phone without face-to-face contact?
Now there is another threat that organisations are having to include in their coronavirus risk management planning – cybersecurity. This is something that should already be addressed through a firm’s GRC software, but coronavirus has seen a new wave of malicious cyber-attacks that need to be managed and mitigated.
Increased phishing and ransomware attacks
When we predicted the main cybersecurity trends for 2020 a few months ago, ransomware was one of the main trends we highlighted. This threat has unfortunately increased since the coronavirus situation began, with hackers using the uncertainty and anxiety to mount targeted attacks.
Earlier this month (March 2020) a hospital in the Czech Republic (a country which is a major Covid-19 testing hub) was subjected to a ransomware attack that disrupted operations and actually caused surgery postponements. Cyber criminals have grown more sophisticated and professional over the past decade, but no less ruthless and unscrupulous.
Social engineering lures that use seasonal events or topical news to attract people are also highly effective for cyber criminals. The number one topic of conversation in the world right now is the coronavirus, so campaigns that utilise this can be very effective. No matter what cyber security tools or IT GRC tool an organisation uses, if an employee clicks on a malicious email link then security will be breached.
Already there has been a major spike in coronavirus-based phishing campaigns, which come in a variety of guises – emails purporting to come from the WHO with information updates, offers for ‘coronavirus face masks’ and even requesting charitable donations to coronavirus-focused charities. Many of these campaigns are well-designed and look authentic, especially to individuals that are nervous about coronavirus and / or keen to help.
Cybersecurity for homeworkers
With millions of people across the planet now working from home for the foreseeable future, there are additional cybersecurity risks to be factored into risk management software and IT GRC software. While homeworking is common enough in 2020, not every user will have the same cybersecurity at home that they are used to in the office.
Many employees will also be juggling childcare whilst working, which means that they might not be quite as vigilant on security as they usually are and could be a little distracted and more likely to click on or open something that they shouldn’t.
It’s also possible that other family members could use that employee’s corporate laptop or device at home – children might use it to do some homework or check their personal email, which all contribute to the lowering of defences.
Direct targeting of hospitals and healthcare organisations
A further cybersecurity risk for firms to manage around coronavirus is cyber criminals beginning more direct targeting of hospitals and other healthcare organisations. The hospital in the Czech Republic is one example of this and there will undoubtedly be many others over the coming months.
Any employees in the healthcare sector would naturally be focused on other priorities right now and would therefore be a little more vulnerable to campaigns that utilise coronavirus in some way. This approach could even be a way for a hacker to gain access to a wider hospital supply chain and use that to make further cyber-attacks.
The damage that could be caused in such an instance could literally be a matter of life or death, preventing treatment for coronavirus or another condition. This would inevitably make organisations more vulnerable to ransomware, and perhaps more likely in turn to pay any ransom in the event of critical life support systems being threatened.
Cybersecurity and risk management
Treating the threat posed by cyber criminals as a business – not IT – risk has long been a principle that Oxial has adhered to. We have made this a key component of our IT GRC tool / risk management software, sGRC, and addressing cybersecurity in this way has arguably never been so important as it is now.
With the world in the grip of coronavirus and unscrupulous hackers willing to take advantage of this, organisations need to be sure they are well-defended and protected, so they can concentrate on keeping the business moving despite the crisis. That’s why Oxial partners with some of the world’s most highly regarded cybersecurity firms, benefitting from both their technology and expertise and passing those benefits directly to our customers.
Risk management software and strategy is critical in this time of coronavirus-driven cybersecurity and we are happy to talk you through any concerns your organisation may be having in this area. Just contact one of our experts here to discuss further.