They’ll need an effective leavers process they’ll have to deal with a heightened insider threat from disgruntled employees they’ll have to advise on secure disposal of assets. As government furlough and support schemes expire, companies may see considerable employee redundancies, restructuring, asset disposal and even liquidation in stressed sectors. Third, comes the challenge of securing a firm under stress. All of these lessons matter for the future, and we should take time to remember and embed them into future operating models. They’ve been forced to invoke (or create) crisis management arrangements and to do so with pace and agility. Companies have a clearer idea of who and what matters to their businesses, whether describes as critical business processes or key individuals. It has forced companies to rethink business models to deal with changes in working patterns, customer demand and supply arrangements. There are some lessons around resilience from COVID-19. Do you know where your supply chains might fail and do you need to review the risk ratings for suppliers given that some sectors are under stress? Have you come to rely on your fallback systems (e.g., virtual desktops) as your primary infrastructure and has that introduced new points of failure? What if you have a cyber attack, technology outage or supply chain issue in the middle of dealing with the extended impact of COVID-19? What can you expect next from regulators, particularly in the financial sector? In others, business models are changing faster than expected to embrace digital channels, cloud services and embed home working - the latter with an eye to associated cost savings from property footprint reduction. For sectors such as aviation, oil and gas, conventional retail and hospitality - the impact may be extreme - leading to aggressive cost reduction, restructuring and liquidation. In particular, insider threats are worrying them - from call-center workers working from home stealing customer card details, to investment traders colluding absent the watchful eye of their supervisors, to a high level of churn and redundancies as firms come under stress and state support packages draw to a close.įor many firms, distress is on the horizon as demand declines, supply chains are disrupted and the cost of debt increases as existing corporate paper expires in challenging market conditions. The risk teams in financial firms have become increasingly concerned about just how many security waivers were granted in the rapid response to COVID-19.
At the same time, attackers made greater efforts to locate and encrypt online backups. Ransomware was already shifting to more targeted and effective exploitation models, with double extortion attacks involving the stealing of data (for blackmail purposes) becoming more common. We already have evidence that ransomware is more likely on the network of US company employees working from home than on the normal (and rather better protected corporate systems).
Any early promises the health sector and national responses to COVID-19 might be saved from such attacks have long since evaporated. States themselves have adapted their own cyber espionage tactics. Organized crime groups have shown themselves ruthless and entrepreneurial in exploiting fear, uncertainty and doubt over COVID-19 - repurposing phishing and attack infrastructure to build out COVID-19 fake websites and scams. Pragmatism has become the rule, and if we’re frank, companies have taken security risks that they might never have accepted in other circumstances. COVID-19 has forced us to transform the way we work - projects which might have taken a year have been driven through in weeks.