Top Cybersecurity Recommendations Amid COVID-19
Global industries have seen a sharp rise in cyber-attacks since the Chinese government disclosed the spread of the coronavirus (COVID-19) within China and internationally. In particular, the attacks have included spear-phishing and ransomware aimed at health-care systems, impersonation attacks combined with business email compromise (BEC) targeting financial systems, supply-chain cyber-attacks focused on manufacturing operations re-directed outside of China, and distributed denial of service (DDoS) cyber-attacks on the energy, hospitality, and travel industries.
With the spread of COVID-19, demand for information technology (IT) support services is increasing across nearly all industries, as employees, students, university faculty, and others worldwide are being asked or required to work or study remotely from their homes to reduce the spread of the virus. As a result, nation-state cyber-attack groups and criminal cyber-attack groups are taking maximum advantage of the situation to target cyber vulnerabilities in select industries, especially those most impacted by the current crisis.
Because 40 percent or more of cyber vulnerabilities are directly linked to employee behavior, per Gartner’s latest studies, it is vital that organizations focus more on their employees through cybersecurity awareness, education, training, and simulations, creating a stronger human firewall to protect their vital digital assets. After all, according to IBM Security’s latest findings, the average cost of a cyber data breach is now $8.2M.
Cybersecurity Top Five Recommendations
To both reduce the probability of a cyber-attack or significant data breach and mitigate the negative financial and reputational impacts, we offer the following cybersecurity recommendations, which apply to all industries:
1) Create an organizational culture of cybersecurity. Ensure the C-Suite consistently promotes and supports all employees practicing effective cybersecurity policies, processes, and procedures via a comprehensive cybersecurity awareness, education, and training program including spear-phishing campaigns and cyber data breach table-top exercises.
2) Implement advanced cyber diagnostic assessments, on a regular basis, including:
- Email Cyber-Attack Assessments
- Network & Endpoint Cyber-Attack Assessments
- Vulnerability Scanning Assessments
- Penetration Testing
- Spear-Phishing Campaigns
3) Establish a Rapid Cyber-Attack Incident Response Plan. Develop and periodically test an enterprise-wide, well-coordinated information system incident response plan to quickly identify, contain, eradicate, and recover from cyber-attacks.
4) Conduct 24/7/365 Monitoring, Detection, & Response. It is essential to continually monitor, detect, and respond to all cyber incidents, including those that relate to email systems, networks, software applications, and all information system endpoints, using advanced security information and event management (SIEM) software, data visualization tools, automation, and artificial intelligence (AI) capabilities.
5) Ensure information system resilience. Implement and periodically test an enterprise-wide business continuity plan (BCP) and disaster recovery plan (DRP).