COVID-19 Pandemic: Response Checklist for CIOs and CISOs

We outlined some recommended measures for CIOs and CISOs to help address the potential cyber security impact of the increase of remote working during the COVID-19 pandemic.

The World Health Organization (WHO) declared the coronavirus (COVID-19) outbreak a pandemic on 11 March, as it continues spreading globally. In Europe, the cases of infections reached 61,000, with more than 2,700 deaths by the time of publication. The impact of coronavirus has resulted in drastic market falls globally and governments are attempting to stem the outbreak in differing ways.

 We sent an early Warning to customers on 24 February and published a blog post on 26 February forecasting that infections across Europe are likely to increase exponentially within the coming weeks. As a result, we forecasted that organizations are likely to increasingly enforce remote working and provided Chief Information and Security Officers (CIOs and CISOs) with Recommended Courses of Action to help address the potential cyber security impact for organizations. We included these recommended measures later in this post. Updates are as follows:

CYBER IMPLICATIONS

Governments are instructing citizens to avoid unnecessary travel and an increasing number of companies are enforcing remote work. As a result of a more dispersed workforce, cybersecurity risks increase due to a variety of security concerns affecting both the technology and human aspect of an organization. In addition, companies are experiencing IT problems due to the sudden spike in remote working, for example, Microsoft Teams was reportedly unavailable on 16 March. Organizations are advised to stress test work from home capabilities, patch Internet-facing endpoints, and increase employee security training, due to an increase in phishing abusing the coronavirus theme. Further, as an increase in remote workers leave organizations more exposed, monitoring and detection efforts should be prioritized to promptly detect unauthenticated or unauthorized access to confidential resources.

A close up of a map Description automatically generated

 

Figure 1:  New certificates registered observed by QuoIntelligence- From 1 February to 4 March. Attackers are exploiting the Coronavirus theme to to spread phishing and malspam campaigns.

GEOPOLITICAL DEVELOPMENTS

Europe

The Euro STOXX 600 index, which tracks all stock markets across Europe, fell by around 12 percent on 12 March, to its lowest since launching in 1998 and from its peak in February. In response, the European Central Bank (ECB) approved stimulus measures, including cheap loans to businesses, raised asset purchases, and capital relief for banks but will not cut interest rates. The ECB also reminded all significant banks to address the risk of pandemics in their contingency strategies. On 16 March, EC President von der Leyen proposed to restrict any non-essential travel to the EU for the coming 30 days.

Germany

Chancellor Merkel warned that up to 70 percent of the population could become
infected. On 15 March, Germany introduced border controls and limited entry into the country. Germany will also enforce the closure of non-essential facilities, however supermarkets, pharmacies, post offices, and other facilities will remain open.

Italy

Italy is enforcing a complete lockdown of the country, which has considerably impacted their economy. The Italian government has announced EUR 25 billion to support the economy. Considering that Italy is the third largest economy in Europe, the complete halt in production will highly likely impact supply chains and have ripple effects on other economies.

United States

The US administration suspended all travel from Europe for the coming 30 days, with some exemptions for special cases. Trading on NYSE automatically stopped twice in the previous week, after the Dow Jones and S&P 500 fell by 7 percent. However, US stocks rebounded on 16 March, after the Trump administration announced various financial measures to support citizens and the economy. 

China

The infection rate in China is reportedly dropping and authorities stated the peak of infections has been passed. Across China, businesses, factories, and offices are re-opening. Regardless, it is likely that shortages caused by temporary closures will be felt across the world in coming months and disrupt supply chains.

Intenational Monetary Fund

The International Monetary Fund (IMF) is prepared to support low-income and emerging market economies with up to EUR 43 billion (USD 50 billion) to counter the economic impacts of coronavirus. 

Oil prices

The demand for oil has dropped as a result of the spread of coronavirus and thus reduced its price. The proposition of Saudi Arabia for oil producing countries to cut oil production to increase prices was rejected by Russia which opted to keep prices low. As a result, Saudi Arabia entered a price war with Russia and the price for oil dropped considerably.

OUTLOOK

Infections are likely to rise sharply in coming weeks across Europe, if other countries follow the initial trajectories of China or Italy. As a result, economies are likely to continue suffering as production will further decrease and supply chain disruptions will continue in coming months. In addition, as lockdowns are enforced, unemployment will increase and consumer spending will fall sharply. Remote working is likely to continue for some time and attackers will likely increase efforts to abuse resulting vulnerabilities to infiltrate networks. In addition, attackers are highly likely to continue using the coronavirus theme in phishing emails.

While China, where the rate of infections is slowing, could provide help in how to contain the disease, governments across the world have chosen vastly different measures to confront the outbreak. The decline in new infections in Singapore, Hong Kong, Japan, and Taiwan signal that early and strict lockdown measures appear effective in containing the spread. Generally, influenza cases decrease in the Northern hemisphere with the onset of spring, however due to the novelty of coronavirus and the lack of knowledge on its behavior, it is not clear if warmer weather will also result in decreasing coronavirus cases.

Recommended Course of Action (scenarios CIOs/CISOs should consider) – from our previous post of Feb 26:

  1. An outbreak of the virus in other EU countries is a likely scenario
  2. Companies and organizations located in the EU should evaluate their business continuity and disaster recovery plans, including:
    • Restricting personnel from visiting organizations’ offices might be a temporal policy enforced by extraordinary local government restrictions
    • Restrictions might last between two to four weeks, hence organizations should evaluate their business continuity plans around this time interval.
    • Organizations that cannot offer remote working capabilities might enforce paid or unpaid leave to their employees
    • Organizations that can offer remote working should be prepared to quickly implement remote working solutions, including (but not limited to):
      • VPN access (user registration, token rollout, etc.)
      • Personnel training (VPN access, security awareness, phone/email solutions for communication, etc.)
      • Data security segregation (restricting VPN access to only the data required to fulfill employees’ daily job)
      • Increased network traffic through VPN servers
      • Increase network security monitoring
      • Consider solutions for ensuring technology support in the event IT help desks are overloaded with requests from inexperienced remote workers
      • Implement a load balancer to distribute the workload across other resources
      • Centralized communication channels and ensure all stakeholders are aware
      • Limited file sharing
  3. Unplanned remote work and other extraordinary measures will inevitably increase organizations’ exposed surface and attackers’ opportunities for attacks, due to (but not limited to):
    • Reduced and limited security monitoring
    • Loose security policies to facilitate remote working for new users
    • Personnel trying home-made solutions to keep working from home, such as installation of unauthorized software (e.g. remote-desktop, tunneling, etc.), copying sensitive data to unauthorized external devices, or cloud solutions
    • Increase of malspam attacks exploiting the Coronavirus theme to encourage personnel to open malicious documents. Ransomware attacks could highly capitalize from an increased interest and concerns by citizens about the latest news on Coronavirus and exploit them to compromise companies with targeted attacks.
  4. Unexpected cancelation or delay of business travel
    • Awareness of government-issued Travel Advisories
    • Understand the risk of potential restrictions to business travel, including, but not limited to, traveling with sensitive business documents and assets in a foreign country
    • Preparing for extended outages for business travellers, factoring in screenings and other safety measures implemented by airports
    • Understanding the risk of illness or quarantine affecting the supply chain, to include outsourcing, product delivery, offsite facilities, and more.

Ars Technica, C3, 16 March, MicrosoftTeams went down for two hours as Europe logged in

The Guardian, C3, 12 March, US Fed injects $1.5tn to markets as Dow and FTSE suffer worst day since 1987

ECB, A2, 12 March, Press Conference

European Commission, A2, 16 March, Statement
by President von der Leyen at the joint press conference

Bundesregierung, B2, 11 March, Merkel ruft zu Solidarität auf

Bundesregierung, B2, 17 March, Aktuelles von der Bundesregierung

The Washington Post, C3, 12 March, If the coronavirus leads to another financial crisis, it might start in Italy

Reuters, C3, 12 March, Text: What President Donald Trump told Americans about coronavirus

Reuters, C3, 11 March, Wall Street tumbles, Dow confirms bear market

New York Times, C3, 16 March, ‘Go Big’ on Coronavirus Stimulus, Trump Says, Pitching Checks for Americans

Reuters, C3, 12 March, Global supply chain disruptions from coronavirus will pressure China’s trade

IMF, B2, 9 March, Limiting the Economic Fallout of the Coronavirus with Large Targeted Policies

Vox, C3, 9 March, The Saudi Arabia-Russia oil war, explained 

The Weather Channel, F3, 10 March, Coronavirus
and the Seasons: What We Know and Don’t Know

WHO, A2, 11 March, WHO
Director-General’s opening remarks at the media briefing on COVID-19 – 11 March
2020

ECDC, A2, 17 March, Situation
update for the EU/EEA and the UK, as of 17 March 2020 08:00

Interested in becoming a premium customer?

Unlock exclusive benefits by becoming a premium customer
Picture of QuoINT
QuoIntelligence informs decision-makers of current and potential cyber and geopolitical threats by providing customized Finished Intelligence reports. Our team of experts provides full contextual analyses to produce top-quality Intelligence and to better enable organizations to mitigate risk.

Share this article:

COVID-19 Pandemic: Response Checklist for CIOs and CISOs

Share this article:

Related Posts

Subscribe To Our
Weekly Newsletter

Subscribe to our newsletter to receive Weekly Intelligence Summaries, cyber news, and exciting updates.