EY: Surge in cyber attacks poses data loss risk

Citizens and businesses have rushed onto the internet with surging teleworking and the use of virtual collaborations tools, plus spiking demand for all things online, such as media and gaming. This has led to the rapid increase in the risk of cyber-attacks, exposing vulnerabilities to the confidentiality, integrity and availability of key information systems.

Richard Watson, EY Asia-Pacific cybersecurity risk advisory leader, said: “Remote working has led to an increasing risk of scams, ransomware, malware sites or multiple cyber threats. If some organisations are not set up well for remote working, there is a risk that people start to forward confidential data to their home computers or printers, which are used by all the family, and may not be up to date from a virus protection point of view.”

“COVID-19 is currently challenging organisations across the globe to adapt and reprioritise critical business functions. An organisation’s ability to protect its remote workforce, valuable information assets and respond quickly to a cyber incident will be vital for navigating this period of uncertainty.”

“The rise of remote working and online consumption have triggered a new wave of cybersecurity risks, endorsing C-suite and senior leaders to form much closer relationships to improve overall business understanding of cybersecurity.”

Many businesses in Asia-Pacific have now moved to a fully work-from-home model, which has created the following challenges, according to EY:

1. Lack of hardware and devices for employees, students and teachers. Companies that don’t usually work from home, or households that do not have electronic devices for all family members, will find it difficult to secure safe devices and training for secured electronic activities.
2. Insufficient virtual private network (VPN) bandwidth for the number of people working from home. There is a risk for employees to start using home devices and storage due to the insufficiency, which are not secured and put corporate data at risk.
3. Unsecured work environment. Asia-Pacific has a greater proportion of people living in apartments, often with parents or roommates. This work environment can also be a risk, allowing sensitive and confidential information to be overheard or overseen by non-employees both in public or private spaces.
4. Increased cyber-attacks under fear and uncertainty. Many cyber attackers are capitalising / exploiting on the public’s fear of COVID-19, luring them to phishing emails, fraudulent news update and malicious sites.

To support businesses in alleviating cyber risks, EY has identified five steps to mitigate risks and defend against opportunistic cyber attackers, these include:

1. Centrally manage and promulgate robust teleworking solutions to empower and enable employees, customers, and third parties;
2. Leverage role-based rather than location-based identity and access management solutions, analytics, and controls;
3. Establish second-factor authentication for formerly in-person processes, such as manual phone calls, a system of shared secrets, or other authentication controls relevant to the formerly in-person process;
4. Provide links to official resources for pandemic-related information to avoid the spread of disinformation within your organisation, and
5. Establish formal and transparent channels for corporate messaging to highlight what the enterprise is doing to address this pandemic.