Cyber security – the changing nature of challenges
The current crisis has forced businesses to rethink their ‘business as usual’, with a disparate workforce creating opportunity for cyber criminals. In addition to mitigating these risks, it is worth considering how much of the contingency planning may become the new normal. Inflexion's digital team, led by Alex Mathers, is in regular dialogue with our portfolio to keep on top of this.
Businesses have needed to make a lot of swift, tactical decisions over the last few weeks, particularly around enabling business to continue as usual. “Most of these decisions were made with the expectation that the disruption would be a few weeks, but we now need to bear in mind it may actually be needed for much longer,” says Sean Sutton, partner at PwC UK Cyber Security.
With more people working remotely, threat actors see more opportunity – just as home workers may be less equipped to deal with them. Many companies have enacted remediation to mitigate the risks in the immediate term. But as a few weeks of remote working turns into months, longer-term remedies may be needed to secure newly implemented remote working. PwC UK outlines areas where tactical solutions can be progressed into more strategic solutions:
- Monitor for shadow IT – With a more distributed workforce there is increased likelihood of new software and new devices starting to be used without IT involvement, which can create blind spots and increase risks. Initially firms expanded their monitoring to identify new devices, and reassessed web proxy filtering. Now it is best to implement holistic shadow IT monitoring / automate workflow approval.
- Secure remote access – For now firms can increase VPN capacity by working with existing suppliers or extending current solutions, although it is important to make sure that any deployments are managed in a secure way. For the longer term additional solutions and approaches might be required to support a longer period of remote working and operations.
- Implement multi-factor authentication (MFA) – Enabling MFA for on-premise systems was a key early step many firms took, with some also switching to cloud applications with native two-factor authentication. As with remote access, in time moving to a ‘zero trust’ model regardless of whether users are inside or outside the corporate network may be a better solution.
- Review on-premise security controls – Reviewing and tightening data access and security controls to find and close any gaps were important early steps. In time, implementing a dynamic / adaptive security control model, applying real-time contextual information, may be more powerful.
- Enhance security monitoring – Security monitoring abilities were increased and 24/7 shift rotation was adopted by many firms. In the longer term, firms should determine people, processes and technology for security operations centre (SOC) surge capacity.
- Adapt cyber responses – Many firms were quick to ensure third-party incident response capabilities were on standby and focused threat intelligence to identify Covid-19-specific threats. Going forward, cross-industry support should be expanded to increase market resilience.
Many remote working functions were set up to be temporary, but PwC UK feel home working will become a permanent feature of many businesses.
Changes to business in a post-pandemic world
As businesses return, changes to previous practices and norms should be expected.
- Expansion of ecosystem business models – Business models that encompass networks of third parties are able to adapt and change to deal with rapidly evolving risks more effectively than traditional supplier-customer models.
- Accelerated adoption of cloud – Businesses have really increased their uptake of the cloud. Most organisations have adopted cloud for some functions, but there may be a broader reassessment of how it can help alleviate some of the recent challenges related to remote working.
- Redefined meaning of a resilient business – Businesses are changing how they think of resilience. What does resilient look like in your supply chain? Disaster recovery and business continuity planning have for many years had a degree of focus on pandemic-scenario planning. Now we’re experiencing it, companies will revisit their plans and apply lessons learnt.
- Augmented reality – Use of new tech could change the way businesses and users interact with each other by extending location-agnostic services and capabilities and by maximising virtual experiences. The roll-out of 5G will support wider adoption and application.
- Cross-business industry resilience – Assessing how businesses work together during these periods could influence how resilience is addressed in future.
Emerging threat landscape
“Threat actors are always quick to identify new ways to exploit vulnerabilities, whether technical or psychological,” cautions Rachel Mullan, senior manager at PwC UK Threat Intelligence. The group’s research has uncovered a mix of espionage and cyber-crime activity from a variety of actors.
“They’re using C-19-based phishing lures to infect victims with malware. It’s slowed in the last few days but we’re not yet sure if it’s a genuine lull or whether they’re planning something new. We are also seeing hundreds of c19-related domains being created every day, some of which may be malicious infrastructure for use in future campaigns.”
She also points to an uptick in mobile malware, appearing on download sites, as well as ‘smishing’ (think phishing but by text message).
The lures are shifting. Initially they were on the health side, but now they are more on the remote-working side.
“Ransomware actors have been active, expanding the range of sectors they target, and the value of ransom demands is increasing. TrickBot, which is associated with Ryuk ransomware, began using C-19 lures in mid-March and TA505, the actors behind mailto and Buran ransomware, have recently followed suit.”