Cyber Threats – Risk Management in the Time of COVID-19

Sips of Information as Businesses Drink from a Firehose

Download PDF version HERE.

While it is hard to find anyone who hasn’t heard of social engineering losses, simple awareness has unfortunately not curtailed phishing and business email compromises that defraud businesses in virtually all business sectors.  2019 marked the highest rate of internet crime reported to the FBI than in all years prior, with total losses approaching $3.5B.

The COVID-19 pandemic that has forced most businesses to adopt work from home operations is fueling an already hot fire in terms of social engineering threats.  The website DARKReading (www.darkreading.com) has reported that 71% of security professionals have seen an increase in threats since the onset of coronavirus.  The levels of phishing are up over 50% with other malicious websites and malware also significantly on the rise.

Cybercriminals are preying on disruption in chains of command as employees work remotely and are physically separated from other team members.  Stress, interruption of routine, illness, childcare problems and job security can create significant anxiety which can lead to distraction and mistakes. Pile on security issues with remote access in this work from home environment and things can easily go sideways.

With this cheery discussion, how should businesses respond?  First and foremost, employ sound risk mitigation and avoidance policies.  With a majority of losses emanating out of funds transfer, rule #1 should be “trust no one” quickly followed by rule #2 which is refer to rule #1.  Strict verification procedures should always be followed along with division of duties and second sign off.

Insurance is also a key element in situations where, despite the best intentions, losses occur.  A combination of cyber and crime insurance should be considered to address losses such as funds transfer fraud caused by a hacker in your network and social engineering fraud where deception leads to release of private information or a wire transfer.  The lines between these two coverages can be blurred and coverage nuances, including availability of limits, need to be negotiated.  As with the procurement of any insurance coverage, seek expert advice from a knowledgeable insurance broker.