Three key actions to mitigate cybercrime

PwC's Threat Intelligence research has uncovered a mixture of espionage and cybercrime activity from a variety of threat actors capitalising on the COVID-19 situation.

Threat actors are always quick to identify new ways to exploit vulnerabilities, whether technical or psychological. Examples include email attacks that use content from reputable sources, such as the mapping tools from the Johns Hopkins Coronavirus Resource Centre, to market phishing kits for businesses. PwC research has also identified mobile malware variants on download sites, and increased activity in ‘smishing’: phishing texts sent directly to mobile phones by SMS.

These new risks emerging as a result of COVID-19 sit alongside existing risks being left unaddressed, as security expenditure is cut and IT changes are frozen. The shift to remote working and prioritising business operations will bring immediate risks, as disruption to the workforce and suppliers increases vulnerability to old risks. Going forward this will change organisations’ cyber security risk landscape.

3-point action plan

According to recent PwC advice, organisations should take three key actions to mitigate emerging cyber security risks as a result of COVID-19.

1. Secure newly implemented remote working practices

  • Monitor and react to issues encountered by employees with remote working, to ensure safety and security
  • Monitor for “Shadow IT”, implement new solutions if required, move users towards approved technology
  • Ensure remote access systems are fully patched, securely configured, and resilient
  • Ensure on-premise security controls function for a remote workforce
  • Review tactical actions and retrospectively implement key security controls which may have been overlooked

2. Ensure the continuity of critical security functions

  • Identify and monitor critical activities for continuity
  • Confirm patching processes function remotely
  • Implement IT change freezes on high-risk systems to limit risk if normal processes cannot be followed
  • Review how privileged users are going to perform administration
  • Update response plans and playbooks to ensure they function with a workforce primarily working remotely
  • Deploy asset management tooling to ensure continued visibility as systems are moved off the internal network

3. Counter opportunistic threats that may be looking to take advantage of the situation

  • Target additional awareness and communications where emerging threats arise
  • Mitigate the increased risk of phishing by increasing defences around email and workstations
  • Provide specific guidance to employees to be extra vigilant about requests for sensitive information or money transfers
  • Plan for increased risk of insider threats, ensuring access can be removed, and data exfiltration prevented
  • Seek to apply quick-win technical controls across the IT estate where possible

Will Oram and Gabriel Currie, Cyber Threat Detection & Response, and Alex Sagovsky, Crisis and Resilience, at PwC, spoke at a recent webinar of the French Chamber, ‘Cybersecurity - overview of the main threats and how to respond.’ For information and to register for future webinars please see our Upcoming Event and Forums & Clubs.
