Fraud & Cyber Risk in the COVID-19 Era
As organizations' and individuals' digital footprints continue to expand, so does the overall cyber threat landscape. The COVID-19 pandemic has led a large portion of the global workforce to move to a remote working environment, which has increased organizations' exposure to cyber threats including social engineering and phishing scams, data breaches and leaks, ransomware and business email compromise attacks. In many instances, companies have turned this into an opportunity to accelerate their digital transformation, but that acceleration cannot come at the cost of turning a blind eye to fraud and other cyber risks.
At ISMG’s recent Virtual Cybersecurity Summit: Fraud & Payments Security, Managing Director and leading cybersecurity expert Rocco Grillo teamed up with industry-leading CISOs to discuss how, in the current environment, the human element is oftentimes the Achilles heel for organizations. Rocco says, “employees that may be distracted, may not have the right awareness, may not have the right controls or training in place, that’s where the attackers are really going to zero in on and maximize their efforts and financial gains or attacks.” In particular, social engineering and phishing scams have proliferated since the beginning of the COVID pandemic, taking advantage of the remote workforce. Organizations should continue to increase employee awareness of these risk areas through internal training and effective communication, so that their remote workers recognize these potential areas of cyber and fraud risk and remain diligent in their day-to-day professional activities.
Another key area of focus for organizations seeking to mitigate cyber and fraud risk in a remote environment is understanding their new threat landscape. In the COVID environment, this includes maintaining insight into new endpoints and exposures. Endpoint security now increasingly encompasses personal printers, scanners, phones and tablets, which are connected to the same home networks employees are now using to connect for work. In another recent webinar, “The Shifting Frontline of Fraud,” hosted by SINC USA, Rocco stresses the point that, “especially in the remote world, people are not only leveraging endpoints within their own companies, but within their personal world.” Organizations need to be aware not only of their own corporate environment, but also of any new devices employees are utilizing outside of their firewall.
Organizations can help mitigate this cyber and fraud risk by identifying their most critical assets and by ensuring the correct controls are in place. Conducting simulated cyber-attack exercises or readiness evaluations that include not only the IT or security functions, but the entire C-Suite, including board members, will help organizations gain an understanding of the threats to their organization or industry and how to best prepare and respond to potential incidents. These exercises will advance cyber resilience and also help identify any new weaknesses to those critical assets that may have been introduced as a result of the move to a highly remote workforce.
Watch the full SINC USA webinar “The Shifting Frontline of Fraud” HERE.
Watch the full ISMG webinar “The New Era of Fraud - The Evolving Threat Landscape” HERE.