A lot of risky employee behaviors such as accessing social media platforms while using company network computers or unnecessary issuing of sensitive personal or company data tend to lead to most of these vulnerabilities which hackers exploit.
Coronavirus pandemic has created unprecedented uncertainty around human health, the availability of resources, the ongoing demand for products and services and the liquidity of businesses.
But what effect has this had on the broader risk profile, the financial tolerance to risk and the likelihood or impact of key risks materializing. This article examines one key risk which has unquestionably accelerated as a result of Covid-19: Cyber Risk – remote working, spike in cyber attacks and the greater dependency on technology have all changed the cyber risk profile for most businesses in Zambia and world over.
Covid-19 has created new and complex commercial logistical challenges of managing cyber risk for businessese. Many businesses have failed to accelerate the pace of digital transformation across their value chains and supply management systems and to coordinate in a dispersed and digital workforce to the scale and capacity that meet the need of greater digital distribution in ecommerce.
To understand the pace and change in scale of this acceleration the Institute of Risk Management Zambia (IRMZA) has been monitoring several metrics that include companies shifting approximately 40-60 percent of their workforce to remote and virtual workplace. While some especially in the financial services industry operating at high levels of 60-80 percent virtual workforce.
According to sources at
ZICTA, internet utilization is up to around 50-60 percent while mobile phone usage is up by 30-40 percent including greater usage of video calls. And on a global scale, virtual collaboration and remote access tool usage has also seen an increase with over 6 billion meeting minutes on WebEx hosting in excess of 4 million meeting a day globally while record numbers of downloads have also been noted for Enterprise mobile apps such as Zoom Cloud Meeting and Google Hangouts which are up 90 percent from pre- Covid-19 levels according to GSMA statistics.
All these increases in velocity have led to major increases in Cyber security risks as hackers or criminals have intensified their level of thrash as they try to exploit and take advantage of the current Covid-19 situation. With most organizations displacing their workforce from offices, this has led to an abundance of more avenues and opportunities for hackers and attackers to exploit and gain access to networks and sensitive information. Hackers have become incredibly opportunistic and unfortunately, they have seized on the coronavirus outbreak to fundamentally exploit the weakest link in cyber security - Human element.
When the pandemic broke, many businesses especially those that had dragged their feet to digitalize found themselves scrambling to strengthen their online presence. Unfortunately, the only thing their IT departments needed at the time to enable remote access, was infrastructure. However, this in most cases has not been comprehensive enough to accommodate the level of access now needed to what has effectively become a remote workforce. And while in the rush, many overlooked one vital factor: ramping up their cyber security. Not enough time and expertise was given to validate whether the security architecture was sufficiently resilient. Most businesses did what they had to, to remain connected and in doing so, opened access to unprecedented exposure of risks in an unsecure manner.
If the virtual world was not a scary place to be pre Covid-19, it certainly is now because cyber-attacks are on the increase and are originating from anywhere and at any time. Faced with such a daunting situation, what can businesses do to lessen the damage of potential penetration? How can businesses balance the need for scaling up remote working against this new cyber risk landscape? What new actors and campaigns exist to manage these risks? And what is the state of our control environment across new technologies and vendors? These are some of the questions, businesses will have to address in order to create a secure remote-control environment for its employees.
A lot of risky employee behaviors such as accessing social media platforms while using company network computers or unnecessary issuing of sensitive personal or company data tend to lead to most of these vulnerabilities which hackers exploit. Businesses need to continually monitor their internal network security systems and architecture, including network access controls and weaknesses by putting in place remote access review mechanisms for risk-based access and authentication.
Businesses should that employees are ensure trained to detect cyberattacks before allowing remote connections and know how to report a system compromise. The Institute of Risk Management Zambia does recommend the use of Virtual Private Networks ( VPN) and multi-factor authentication as true and tried preventative measures that will not only maintain a secure digital environment but one that will reduce overall cyber risk for the organization.
Other cyber risk management tools recommended include mobile device management approaches to create security controls, as well as encrypted documents and emails across employees’ devises. Cloud services should also be encouraged to operate strong security configurations.