Coronavirus and cybersecurity in the US

13 March 2020 | Applicable law: US

As the threat of the novel coronavirus (COVID-19) has resulted in delays, shutdowns, and disruptions in global supply chains, transportation, government, media, and finance, one of the most critical issues are arising cybersecurity threats and consequences.

Cybersecurity professionals are scrambling to understand how evolving events around COVID-19 will shape the threat landscape. Events such as WannaCry may have temporarily disabled technology services that were running with inadequate security. Still, the repercussions from the COVID-19 will affect every organization, no matter how secure they imagined they were. No single event to date has changed the technical threat landscape more than the consequences and impacts developing around COVID-19.

The list of issues includes:

  • Budget cuts resulting from COVID-19 expenses

  • Supply chain failures resulting from COVID-19

  • Disgruntled former staff (become rogue hackers)

  • Manipulation of news events

  • New cyberScams and Ransomware

  • Hardware shortages resulting from increased network traffic

  • Lack of Cybersecurity technicians to address new threats

Additionally, there are the business consequences, such as changes in consumer patterns and loss of income. COVID-19 falls outside of the outliers. It creates a situation known as the Medusa Effect (i.e., when we experience uncontrollable levels of risk coupled with supporting evidence). Despite the proliferation and advancement of risk assessment methodologies for Critical Information Infrastructures (CIIs), current frameworks do not adequately address COVID-19 and the cascading effects associated with security incidents occurring from interacting entities. Artificial intelligence (AI) software and IoT infrastructure can help to create an ecosystem where all things (devices and people) are connected /networked, rapidly providing real-time information to solve problems before they become disasters. Businesses are quickly creating BCP (“Business Continuity Plans”) to cover “what-if” scenarios that were unthinkable just a month ago. At the point when threats increase because of potential supplier failures, a wave of fresh cyber scams that leverage the virus will appear. See here.

Some simple advice follows:

  • Take the time to understand your business from a cybersecurity point of view. Security professionals and business continuity experts use business impact analysis (BIA) to help understand the products and services each organization provides and the dependencies (technical and otherwise) that they have.

  • Rapidly develop an updated, operable BCP that will allow the core of your organization to continue with little, if any, reliance on outside suppliers and technologies.

  • BCP’s, in turn, should integrate well with technical disaster recovery plans. Review those plans and change them where they are reliant on suppliers or services where interruptions could be foreseen to be more than remote.

The organizations that will survive will be the ones that focus on understanding how to isolate and insulate their core operations and services from the unforeseen and unknown events which are sure to continue.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.


Related experience

As a full-service law firm, we are able to provide advice and information about a wide range of other issues. Here are some related areas.

Join the club

We have lots more news and information that you'll find informative and useful. Let us know what you're interested in and we'll keep you up to date on the issues that matter to you.