To both sophisticated organized crime outfits and lone hackers, the rapid shifts that companies have made to keep their businesses up and running during the COVID-19 pandemic—such as remote working arrangements, supply-chain adjustments, and increased reliance on online platforms—spell opportunity.
With scams ranging from phishing emails to sales of sham coronavirus testing kits and fabricated government claim portals, to ransomware attacks on hospitals to extort money, cyberattacks have surged during the pandemic. Temporary operating models and longer-term implications of a “distance everything” business environment—largely driven by information technology (IT)—will require particularly vigilant focus on cybersecurity going forward.
Companies that provided digital flexibility, granted security waivers, and boosted their online presence as a part of their immediate response to COVID-19 should now be adapting their security and fraud controls to secure and retain the longer-term benefits of those digital shifts.
For example, where the company previously relied on securing physical facilities, online management oversight of employees, or use of controlled corporate IT, the company may need to rethink its cybersecurity approach using a different blend of protective and detective security controls to allow for use of personal devices and untrusted networks, including remote meeting platforms. Another consideration is that the security controls on employees’ home IT networks are often weaker than those in a corporate environment, and while allowing employees to use their own devices can be convenient and efficient, there are downside risks that need to be actively managed and mitigated.
Also, the shift to digital channels—with more money now in the digital economy—is attracting the focus of cybercriminals, who will always follow the money. Security around digital payment platforms, as well as customer data and intellectual property, should be paramount.
As companies move from response and resilience to thinking about what recovery and the new reality will look like for the business and its operating model, robust boardroom conversations will need to focus on the following key actions:
This article originally appeared in the July/August 2020 issue of NACD Directorship magazine.