Protect your IT infrastructure during COVID-19

How you can avoid being harmed by a cyberattack

The PwC Cybersecurity and Privacy team has been monitoring the evolving coronavirus crisis closely and has been taking part in conversations with clients from various industries.

By now a lot of companies have allowed their employees to work from home and have therefore increased or set up the required IT infrastructure. Unfortunately, this also provides a good opportunity for hackers to attack your IT infrastructure.

Key questions to consider

There are a number of areas that may be affected. Here are some questions for you to consider:

Do you have enough and secure VPN connectivity?
Have you increased the IT system and network monitoring?
Have you installed advanced antivirus solutions on your server and endpoints?
Have you installed the latest software patches and security configurations?
What are the defined actions in case of increased external phishing activities?
Do you have a clear overview of the access rights of employees working remotely?

Critical Services

Observations have shown that the following services might be interrupted due to COVID-19. This overview describes how you can manage your IT infrastructure and how you can avoid being harmed by a hacker attack.

	Remote Work Technology	BCM Service	Access Management	Phishing and Social Engineering Attacks	Antivirus Solutions	Software Patches	Response Chain
Description	Most companies switch to remote work and face limited capacity of VPN technology or other technologies (e.g. Citrix).	BCM services are at their limits and could face cybersecurity issues which they have not thought about.	Companies still need to grant access to their secure data to employees working remotely. Identity and Access Management becomes crucial.	Malicious cyber actors could take advantage of public concern surrounding COVID-19 by conducting phishing attacks.	Advanced antivirus solutions need to be installed on servers, endpoints and on the customer side.	Companies need to install the latest software patches and security configurations.	Active system monitoring needs to be assured in terms of technologies and human resources
Consequences if interrupted	Slow system performance or interruptions due to overstretched capacity. Increased vulnerability due to BYOD and bottlenecks in insight & outsight connections.	They react and adapt to the situation instead of professionally operate. They need additional support for their daily business and from experts to think through potential scenarios.	Employees do not get access to the data they need for their daily job or their access rights are too broad.	Attackers receive access to company data and might install malicious software (e.g. malware).	A malware can be executed on servers, BYOD (e.g. notebooks) which leads to unauthorised access and potential data loss.	Hackers may find the systems with the highest vulnerability in your firm and attack them.	Likelihood of having undetected malicious system behaviour might increase and harm your organisation. Incident response and recovery might be insufficiently planned.

Coronavirus scenarios and mitigation for Cybersecurity

COVID-19 will affect organisations to different degrees, requiring several actions.

	Minor Impact	Medium Impact	Major Impact
Details	Due to the current situation, phishing attacks on your IT infrastructure increase and might harm your firm.	Hackers have installed malicious software in your IT networks. The software spreads through the entire infrastructure.	Malicious software encrypts your server and backups. As a consequence, certain services are no longer available for your employees and clients (e.g. payment service).
Functional impact	Malicious software might be installed in your IT infrastructure without being detected. Increased potential for data loss.	Likelihood for a potential data loss is high. Moreover malicious software might block certain devices (e.g. notebooks) so that employees or clients no longer have access to your infrastructure.	Employees and clients no longer have access to the company infrastructure. Certain tasks can no longer be performed. This situation might have a reputational and financial impact on your organisation.
Proposed actions	Install advanced antivirus solutions on your server and endpoints (e.g. notebooks and tablets). Increase the awareness of your clients and employees who have access to your network.	Identify the most critical services and confidential data for your business. Identify the systems with the highest vulnerability. Install the latest software patches and security configurations. Increase monitoring through intelligent technologies and third party experts.	Functional detection capabilities (SOC) are in place. Cybersecurity issues need to be covered by a response organisation (instant response and crisis management). Emergency and crisis management plans are reviewed and ready for use.