Why the Pandemic Isn’t the Only Stealth Threat to Your Business

By Bob Kress

02/27/2022


Nearly two years since the declaration of a global pandemic, there’s a resigned acceptance that COVID-19 still needs to be a regular topic on the boardroom agenda.

Of course, it matters that business leaders take measures to ensure the safety and well-being of their people and their customers. But the threats to business continuity—and the measures that need to be taken to combat them—have become so commonplace that they have almost lost their impact. And just when we think we have found a way to handle COVID-19 and still manage our personal and professional lives, the virus mutates and presents a whole new series of problems.

It’s a pattern that’s all too familiar to your security teams. Even with robust measures in place to stop cyberattacks, the threats keep coming—and morphing into new and clever ways to disrupt your business.

This is where board members need to recognize that security has moved away from being just a technology issue to being fundamental to the business strategy. Getting the balance right is important.

Research in 2021 found there’s a Goldilocks principle at work in most organizations: Some concentrate on aligning first and foremost with the business strategy at the expense of cybersecurity. Others focus on cybersecurity at the expense of aligning with business outcomes. The winners are “Cyber Champions” who blend their emphasis on business strategy and cybersecurity to get things “just right.”

These Cyber Champions are better at stopping attacks, find and fix breaches faster, and reduce attack impact. What’s more, there’s money on the table. The cost of breaches could be reduced by as much as 71 percent if others followed a Cyber Champion approach, according to the research.

So, how can you make sure you’re getting the right mix of business and security efforts? Being fully informed with the latest threat intelligence helps to keep your business on track.

At Accenture, we continually investigate numerous cases of suspected cyber espionage and financially motivated targeting. During these investigations, our threat intelligence analysts and incident responders gain firsthand visibility into the tactics, techniques, and procedures (TTPs) employed by some of the most sophisticated cyber adversaries. Here are some of the notable trends we’ve seen that are affecting how your business operates:

  • It still pays to hold your company to ransom. If you’re in the top five target industries—manufacturing, financial services, health care, technology, and construction—you’ll already know that tried-and-tested ransomware techniques are troublesome for you and profitable for the attackers.

  • There are vulnerabilities outside your four walls. Widespread campaigns that have affected public and private organizations around the world (at SolarWinds, and more recently, using Log4j) show just how vulnerable supply chains can be.

  • Attackers want your information as much as your money. Software known as infostealers is being used to steal information such as log-in credentials, system details, and cookie sessions, and is sold on the dark web for as little as $10 to $200.

  • Cloud can mean new business and more attacks. Remote working has meant we’ve all needed to spend more time in the cloud, but this also demands tighter security measures—as we’ve seen with some attacks in which machines have been used to “mine” forms of cryptocurrencies.

  • Attackers are active underground. There’s a lot of buying and selling going on in a huge underground market, often around unauthorized network access schemes.

Forewarned is often forearmed. Boards should be asking their organizations how they are staying aligned with the business strategy while staying attentive to, and preparing for, the threat trends above in order to be more resilient. And just as our world is addressing mutations in the pandemic, evolving cyber threats can be tackled with informed and innovative responses.

Bob Kress is a managing director at Accenture Security, where he is the co-chief operating officer and the global lead for quality and risk.