How to address technology and cyber risk during the COVID-19 pandemic

3 minute read  26.03.2020 Paul Kallenbach, Jonathon Blackford
As organisations and governments across the globe mobilise to deal with the significant health, economic, social, political and logistical challenges raised by COVID-19, it's important that technology and cyber issues arising from the pandemic are recognised and appropriately addressed.

Key takeouts

  • COVID-19 highlights the critical dependency of most organisations on technology. Lingering issues with remote access now constitute a key business risk.
  • Organisations will be challenged by untested business continuity plans, new personnel in critical IT roles, and unauthorised technology usage.
  • Cyber criminals are exploiting the situation by disguising malicious websites as sources of credible public health information, making organisations even more vulnerable.

Technology and cyber issues have come to the forefront during the COVID-19. These need to be recognised and appropriately addressed in order to ensure business continuity.

Novel dependencies

COVID-19 highlights the critical dependency of almost all organisations on technology. As governments move to implement quarantine conditions, location shutdown, travel bans and border closures, technology-based channels and the speed and reliability of personal internet connections have become business critical. Lingering issues with remote access now constitute threat to core business operations and stability. IT and telecommunications systems face new levels of strain, and the impact of those systems failing has intensified.

Novel operating models

While some organisations have moved to invoke their business continuity plans, for many organisations, such plans have not been fully tested for many months or even years. New remote operating models and the rapid changes they bring in term of responsibilities between team members and vendors, increase the likelihood of failure of untested or outdated risk controls.

Novel staffing

COVID-19 is likely to significantly change staffing across many organisations, including in outsourced, offshore, and call centre environments. New personnel, unavailability of critical personnel, and new pressures on all staff, increase the likelihood of processes and delegations being misunderstood, misapplied, or deliberately circumvented.

Novel end user patterns

Recent readily available cloud technologies have meant that many end users have adopted their own innovations in getting their work done – be it cloud storage or other software-as-a-service solutions.

With increased pressure on organisation's own systems, technology leaders should expect users to employ current technology in new and unexpected ways, including engaging with new technologies without the requisite approvals. This may expose organisations to a range of legal risks, including in relation to data sovereignty, confidentiality, security, privacy, specific regulatory regimes (such as the prudential standards) and sanctions laws.

Novel organisational pressures

The economic impact of COVID-19 is likely to be significant in almost all industries, with the resulting increase in internal jostling for budget allocation. For example, investment in cyber risk management may be challenged – for both organisations and their suppliers – encouraging behaviours which may ultimately increase organisational risks post COVID-19.

Novel attack vectors

Cyber criminals are already taking advantage of the fraught global situation by establishing malicious websites that purport to offer public health information but which instead access users' personal details. Other examples of hacker activity include distributing ransomware or other malware using disguised COVID-19 related emails, SMS messages and phone calls (including by impersonating the World Health Organisation and government authorities).

In these uncertain times, it is understandable that individuals will feel more vulnerable and anxious to keep themselves updated with the latest public information. This may make them more susceptible to malicious messages or social engineering attacks.

Novel recovery

Where a cyber security incident occurs, it is common for teams to physically co-locate to increase the effectiveness of collaboration during the recovery period. COVID-19 may render this impractical in many instances, leaving response teams to depend upon the very systems impacted by the incident.

Managing the long and short term implications

The transformational changes in government, business and society brought about by COVID-19 will not be short term. We are working with our clients to identify, clarify, manage and mitigate these and other issues raised by COVID-19, across our legal and technology consulting teams. Contact us for a more detailed discussion about how these issues affect your organisation and how you can mitigate risk and manage opportunities. 

Contact

Tags

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiI4ZWE0MDdiZS0xMzVlLTRkMDYtYTA2Mi1jMGY5NmQ2OThjOTgiLCJyb2xlIjoiQXBpVXNlciIsIm5iZiI6MTczOTA3Njc5OSwiZXhwIjoxNzM5MDc3OTk5LCJpYXQiOjE3MzkwNzY3OTksImlzcyI6Imh0dHBzOi8vd3d3Lm1pbnRlcmVsbGlzb24uY29tL2FydGljbGVzL2hvdy10by1hZGRyZXNzLXRlY2hub2xvZ3ktYW5kLWN5YmVyLXJpc2stZHVyaW5nLXRoZS1jb3ZpZC0xOS1wYW5kZW1pYyIsImF1ZCI6Imh0dHBzOi8vd3d3Lm1pbnRlcmVsbGlzb24uY29tL2FydGljbGVzL2hvdy10by1hZGRyZXNzLXRlY2hub2xvZ3ktYW5kLWN5YmVyLXJpc2stZHVyaW5nLXRoZS1jb3ZpZC0xOS1wYW5kZW1pYyJ9.SKcMsyrh9i47JFj1_8WwgCQA2Liy5AkXCPfqMA4Smyg
https://www.minterellison.com/articles/how-to-address-technology-and-cyber-risk-during-the-covid-19-pandemic