By Ton Diemont, Head of Cybersecurity at KPMG in Saudi Arabia
Hackers are jumping on the COVID-19 pandemic to exploit global uncertainty
Riyadh, 07 April 2020: The outbreak of Covid-19 poses a challenge to many businesses across the globe, also impacting information security as ill-wishing threat actors actively seek to exploit the situation. With the increasing use of remote technology and employees working from home, it is crucial that cybersecurity is included in contingency planning and has the attention of the Board.
Since the worldwide outbreak of Covid-19, there has been an increase in malware using the virus itself as the bait. Cybercriminals try to take advantage of global uncertainty and disruption with additional phishing, online scams, and malware installed via Covid-19 heatmaps and social media campaigns, according to KPMG in Saudi Arabia.
In light of these insights, Ton Diemont, the firm’s Head of Cybersecurity in Saudi Arabia, recommends the following steps for Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) to prepare for the current threat landscape and protect employees who are working from home:
- Inform your employees how they can work securely and safely, and how they should handle situations when in doubt
- Make sure the employees are aware of what the protocol is in case of incidents or doubts
- Ensure your helpdesk is fully operational
- Be vigilant for phishing emails or whaling (i.e. phishing attacks which specifically target your CxO level)
- Ensure that you as CIO and CISO are included in business decisions related to the crisis. Therefore, be part of the crisis management organization and demonstrate your added value as a trusted advisor, as security measures will be challenged or relaxed during the crisis
- Above all, think in solutions, not in bottlenecks
“Organizations that want to protect themselves from these types of crises must ensure that they incorporate these types of scenarios in their periodic risk assessments at board and operational level. No one can deny that the likelihood of this threat is insignificant or nil and that investments to deal with, or avoid, these risks will be wisely applied by senior management,” asserts Diemont.
As a result of Covid-19, most of the increased spending for companies can be traced back to increased demand for infrastructure and tools/software to support staff who are working from home, which have been implemented at short notice. Other cost centers are IT helpdesk facilities and staff.
These additional security measures that were implemented hastily may turn out to be more expensive than under normal circumstances, believes Diemont, adding that these measures can be re-evaluated when business returns to normal.
“While the Covid-19 pandemic will significantly impact businesses, the current view of, unfortunately, most senior management is that cybersecurity is merely seen as a cost center rather than a business enabler or business saver. Hence, cybersecurity is critical to collective resilience and must be considered foundational,” he concluded.
About the Author
Ton Diemont, Head of Cybersecurity at KPMG in Saudi Arabia. Ton Diemont is a Director based in KPMG’s Riyadh office with over 25 years of experience in cybersecurity, IT, and Operational Risk Management and Financial Services. He worked over 21 years with leading financial institutions in the Netherlands, serving in the positions of CISO and Corporate Head of IT Risk in the last six years. He worked with many central banks, regulators, and organizations within the financial services sector. He has a special interest in assisting financial institutions with their cybersecurity and risk governance customer-centric transformation programs.