Reinsurance
Reinsurance
Product Family
Product Family
Claims
Claims
Risk Consulting
Risk Consulting
Resources & Tools
Resources & Tools
Resources and Tools
Resources and Tools
About AXA XL
About AXA XL
About AXA XL
About AXA XL
Media Center
Media Center
Get In Touch
Get In Touch

The relaxation of stay-at-home orders and work restrictions will result in additional cybersecurity concerns which arise from the rapid reintegration of remote workers returning to the office. These risks are likely to impact even those organizations that were prepared for the switch to remote working. We have categorized these cybersecurity risks into four broad categories: personal devices, unapproved personal applications, unattended systems, and human error. Each category represents a vector for the introduction of malware and/or sensitive data loss from your organization.

Use of personal devices
The rapid switch to working remotely has meant an increased reliance on personal devices for work use. Additionally, the impact that COVID-19 has had on international production and shipping has made procuring new devices for work use even more difficult, necessitating business use of personal devices. Personal devices include not just personal phones and computers, but also USB storage devices and other peripheral devices which are able to store or transmit data. If compromised by hackers and then attached to an organization’s infrastructure, these devices represent a potential vector to introduce malware into an enterprise network upon a return to the office and to so wreak havoc.

In an ideal world, personal devices would not be brought in as infrastructure upon returning to work. Any work that has been performed on personal devices would be sanitized and migrated onto organization-owned infrastructure. However, as this may not always be feasible, organizations should plan for how personal devices can be integrated into the workflow as needed. Options include segregated and monitored networks specifically for personal devices and commercially available solutions for securing mobile, laptop, and desktop devices.

Unapproved personal applications
Remote work can create an overlap between personal and work life. It is often difficult for workers to keep from using work devices for personal use. This presents the issue of unapproved and unvetted applications operating on work hardware. Such applications include (but are not limited to) teleconferencing software, personal cloud storage applications, printer or other hardware drivers, and video games. Additionally, the use of social media and general internet browsing on work-issued devices can increase the exposure to phishing and malware attacks. These applications present similar risks to personal devices but may be more problematic as they are present on devices which are likely to be considered trusted or secure by infrastructure standards.

Organizations should have a plan in place to identify and secure devices that were used while working remotely. Inventory should be updated before returning to work as well as during the process. Securing devices should involve identifying and fixing misconfigurations, patching, removing assets that shouldn’t be online, malware scanning/cleaning, and if possible restoring devices from a known, good backup. All of this should take place before connections are made to any trusted internal portions of a company network.

Reintroduction of unattended systems
From an IT perspective, another concern is the reintroduction of systems and services that were offline or unattended during the work-from-home period. Organizations may have ceased some or all IT functions during this period of remote work. Those organizations which had to shut down completely may have also taken pieces of IT infrastructure offline for the duration. If this resulted in missed security patches, these systems maybe newly vulnerable upon their reintroduction. Additionally, if systems were left online but unattended or unmonitored, they may have been unwittingly compromised by hackers who are waiting for a company’s return to work before deploying malware in the company network.

Before returning to work, any critical systems that were unmonitored should be completely scanned with an antivirus tool to ensure that no infections have taken place and logging should be checked for any evidence of intrusion. Security patches and configurations should be verified across all machines, especially those which were off or disconnected from infrastructure during the remote work period.

If systems were left online but unattended or unmonitored, they may have been unwittingly compromised by hackers who are waiting for a company’s return to work before deploying malware in the company network.

Human error
The opportunity to return to some degree of normalcy coupled with a desire to recoup losses sustained as a result of the pandemic may result in human errors during employees’ return to the office. Human error can take the form of falling victim to phishing, unwittingly violating security practices, forgetting processes that have not been performed in months, accidental information leaking, etc. During this period, as people return to the workplace with the vulnerable devices we mentioned earlier, there will likely be uncertainty about policy and practices regarding personal devices and applications in the workplace. Additionally, phishing attacks under the pretense of IT or financial services may be more persuasive than usual and the pressures of returning to standard operations may encourage complacency. Physical security practices must also be considered, as employees are likely to be both out of practice and less prepared to deal with social engineering after a period of isolation.

Phishing education programs and training should be restarted. The utilization of phishing tests is useful to gather statistics on the risk of this breach method. Monitoring and continuous adjustments of email filtering rules should remain a priority. Additionally, training specific to the organization’s physical security concerns should be conducted upon the company-wide return to work.

Additional recommendations
Some additional measures organizations can take to secure themselves are:

Establish visibility: Organizations should map out and understand their external digital footprint. This helps in assessing where they could have been and could still be vulnerable to attack. This includes threat intelligence work, which can be conducted internally or outsourced. A sweep of the surface, deep, and dark web may produce indications of company exposure or heightened threat actor interest.

Insider threat: The insider threat concern will be pressing, as employees may have conducted work outside organization networks for months. Risk mitigation programs should be reviewed and internal monitoring should include checks for data leaks.

Protect executives: High-risk individuals should be trained appropriately for the new set of risks they face. In addition, their digital footprints should be assessed and monitored to make it more difficult for them to be targeted. If compromised, their high privilege accounts make for more severe compromise.

Insurance protection: The COVID-19 pandemic has already hit many businesses financially, slowing down operations and impacting productivity. The last thing a company needs upon returning to normal operations is to be impacted by a cyber incident. Cyber insurance can cover downtime and identify the technical and legal expertise needed to mitigate and remediate intrusions.
          

AXA XL insureds have access to S-RM, one of our cyber security partners, who are able to advise on all things cyber security. S-RM can facilitate CISO workshops with your information security leadership to understand your organization’s environment and provide expert guidance on cyber security plans. AXA XL insureds also have access to S-RM’s Phishing Testing capability, which enables organizations to gauge their employees’ cybersecurity awareness, as well as Incident Response Workshops and Plan Reviews, to ensure that your organization has a plan in place in the event of a cyber attack.

DOWNLOAD THIS ARTICLE AS A PDF.

About the authors
Kate Walas is Head of Cyber, Tech & MPL Operations for AXA XL, North America. She can be reached at Katherine.Walas@axaxl.com. Aaron Aanenson is Director of Cyber Security for S-RM. He can be reached at A.Aanenson@s-rminform.com
  • About The Author
Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha
 
Subscribe

More Articles

Quick Links

  • Related Resources

Fast Fast Forward

A look at Cybersecurity, post-pandemic

Just as criminals prey on victims when they are at their most vulnerable, for example, after a natural disaster, COVID-19 will be no different. Since the pandemic hit, we have seen an explosion of phishing and malware campaigns, with many of our own contacts reporting up to a 300 percent increase in phishing attacks since February 20201  (many posing as COVID-19 information or resources).

The uptick in attacks couldn’t be happening at a worse time. As businesses operate from remote locations, IT resources are stretched thin and employees, facing a multitude of new challenges working from home, will invariably struggle to remain as vigilant to cybersecurity threats as they are under normal working conditions. 

And yet, it’s at times like these when more than usual vigilance is required. Employees working remotely may have less secure connections, including Wi-Fi connections and shared devices. Remote workers will also have plenty of distractions that can divert attention and increase the likelihood of a phishing email being overlooked.

In the short term
Under regular circumstances, corporations globally suffer cyber losses amounting to trillions of dollars annually. For example, according to one study, the forecast for the global cost of cyber crime pre-pandemic was expected to exceed $2 trillion in 2020. Now that companies are thrust into conducting business from multiple locations with little or no preparation, that number is likely to increase.

As companies rely on unfamiliar technology, such as video conferencing tools, and as employees connect to company servers using unsecured devices, increased opportunities for cyber attacks will continue to push that total higher.

Other areas of vulnerability include:

  • Online video and chat sites
  • Home routers and Wi-Fi connections
  • Mobile devices (typically, these have less security)
  • Popular apps, including shopping apps, that could have security gaps

While all industries are vulnerable, hackers are paying particular attention to organizations in and around the health care, pharmaceutical and research sectors, while also targeting academia, financial institutions and e-commerce businesses.

As IT professionals scramble to update systems, install patches, and help businesses secure remote operations, hackers will increase their efforts to gain access to company networks via any method they can.

 

Read More
Fast Fast Forward

COVID-19's impact on cyber security

The numbers are up! According to the latest report by Check Point Research, there has been a 30% increase in reported COVID-19-related cyberattacks every week over the last three weeks. Given that millions of workers are working from home right now, the increase is not surprising.

As businesses around the world implemented a work from home (WFH) operating model, IT, security and management teams worked hard to facilitate a strong and secure infrastructure. WFH operations present significant cyber risks if all aspects of security were not properly considered. In the rush to keep businesses up and running when the pandemic hit, was anything missed?

In our recent Fast Fast Forward Live webinar, cybersecurity experts from AXA XL, S-RM and Mullen Coughlin discuss the impact of COVID-19 on cyber security. The on-demand webinar asks the critical questions businesses have to consider during this time and how this pandemic will change the cyber threat environment moving forward.

Speakers include:

  • Elissa Doroff, Underwriting and Product Manager of Cyber & Technology, AXA XL
  • Billy Gouveia, Senior Managing Director, Cyber Security, S-RM
  • Sian Schafle, Partner, Data Privacy and Network Security Practice, Mullen Coughlin

Learn more. Listen to their suggestions. Watch the replay here.

Webinar_Cyber issues in the age of Covid-19
Read More
Fast Fast Forward

Essential cyber risk assessments: Tailoring risk assessments to fit your organization

It comes as no surprise that cyberattacks are a top concern among many organizations. Within the last ten years alone, cyber risks have become the fifth most likely global risk, ranking just below “massive data fraud and theft.”

It is a risk that many organizations believe will get worse – 82% of organizations believe cyber attacks will lead to theft of money and data, and 80% believe there will be disruption of operations. Moreover, cyber attacks do not discriminate when it comes to which organizations to target – 43% of all cyber breaches in 2019 involved small businesses.

To thwart cyber attacks, companies need to assess their own level of cyber risks. Despite the availability of numerous risk assessment frameworks and standards, a failure to implement a cyber assessment plagues far too many organizations. Whether it’s a perception that such assessments are too difficult or a misunderstanding of how much cyber exposure the organization has, companies often opt to implement common security controls in reaction to news of cyber attack or breach.

The result: many businesses are exposed to potential cyber attacks because of a pieced-together security plan that does not address specific exposures. Still, standards can, and should, serve as a solid jumping-off point. By using a standard as a guideline for building a customized approach, companies can begin to build a cyber risk assessment framework that is unique to their organizations.

Assessment: the prep
To manage your company’s cyber risk, you must first determine what your risks are, how an assessment will be applied to mitigate those risks, and which risks are primary. That way, you can conduct a risk assessment that fits within your organization’s needs.

Before any assessment, your company should define the following criteria:

  • Purpose: Why are you conducting a cyber risk assessment? What are you hoping to protect by doing so? For example, is the purpose to protect reputation, comply with regulatory requirements, comply with contractual obligations, pass an audit for SOC, ISO 27001, or other purposes?
  • Scope: What are you including in your assessment? What will be excluded? How are the results to be utilized? In order to build an effective assessment, your company should align the scope with the budget and the intended use of the results.
  • Roles and responsibilities: Build your accountability team before beginning your assessment. Ideally, companies would assign the risk assessment process to one person to ensure that accountability is enforced. As regulators are holding more organizations accountable for cyber breaches, senior management should lead the risk assessment process.

    • The assessment: four steps 
    Once your organization has developed the purpose, scope, and accountability for the cyber risk assessment framework, you can then conduct your targeted assessment. While each organization’s process will vary, there are four actions that define nearly all cyber risk assessment models.

    1. Identify risks
    Start with understanding what risks your organization faces. To uncover risks, look in the following areas:

    • Assets: what needs to be protected? Consider data, reputation, people, proprietary information, customers.
    • Threats: what could negatively impact the confidentiality, integrity or availability of those assets?
    • Vulnerabilities: what security weaknesses exist that can be exploited?

    Once these areas are identified, your company can then analyze the risks.

    2. Assessing risks
    Assessing risks to determine the likelihood of occurrence involves understanding:

    • The probability and frequency of it occurring
    • The attractiveness of the asset or targeted company
    • The presence and capabilities of the threat actors
    • The level of security protecting these assets
    • The number of people inside the organization who have access to these assets
    • The amount of training employees received on proper cybersecurity protocols

Read More

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.

THIS AXA WEBSITE USES COOKIES

AXA XL, as a controller, uses cookies to provide its service, improve user experience, measure audience engagement, and interact with users’ social network accounts. We won't set optional cookies unless you enable them. You can disable them at any time.

For more detailed information on the cookies used for this website, you can read our Cookie Policy.

Find Out More About the Cookie Policy Privacy Notice