06.29.20
Corvus Team

Breach Response During a Pandemic: What Brokers & Clients Can Expect

As society has dealt with the effects of Covid-19, the Corvus Smart Breach Response team has been tracking how the shifts in business, government, legal & social spheres have impacted breach response efforts.

We can’t believe spring is already here! We’ve been launching products, opening new offices, and pushing our technology to new heights.

What’s in Store for an Organization Affected by an Incident in the Near Future?

Communication Woes

First, it should be said that the platform for cyber risk is simply higher during this time, creating an environment with the possibility of more breaches. We discussed elevated cyber risk in a previous post. But specific to breach response, many of the same problems that increase risk also complicate the response.

For organizations, simply getting in touch during an urgent situation can be difficult. With unusual work schedules, parents juggling full-time work and child care, and other factors, it may be harder to get everyone who needs to be informed and consulted about a potential data breach onto the same call at the same time. You can no longer tap everyone to huddle in a conference room. 

Distractions, just like with any of our calls, are a factor in breach response as well. A pet jumping on the keyboard, choppy WiFi connections, a child needing attention - these interruptions can range from comical to a minor annoyance in normal business discourse. When dealing with an acute situation like a cyber incident, though, where every minute counts, such situations can become more onerous. 

The effort to assemble a key team can be amped up dramatically in the case of a ransomware attack that has succeeded in shutting down access to IT for an entire organization’s employees, as happens in the most drastic ransomware events. Then, the inability to get a team together in a room can be truly crippling. If you can’t use your primary telephone or computer to log into a teleconference, what do you do? It can lead to some scrambling situations. 

Forensics, IT Resources, and Shipping

Supply chains have been in flux due to Covid-19 for a number of reasons. Capacity is strained thanks to record use of online shopping and delivery services, making delays much more frequent. We’re even seeing that goods are lost more frequently. 

This can come to bite during breach response when trying to get evidence to the forensics firm to conduct their investigation.  While aspects of the forensics investigation can be sent and received electronically, often an organization has to send encrypted hard drives with forensic images of computers and servers to the forensics firm. Those deliveries have been delayed or lost more frequently during the pandemic. This highlights the importance of sending information on encrypted drives so that if stolen or lost, the data is not accessible to the unintended recipient.

On-site collection of evidence or recovery of systems by external firms -- something that is often needed for clients with smaller or outsourced IT departments -- faces similar challenges. In the early days of the pandemic, people hesitated to leave their homes. And even with a willing vendor partner, coordination between in-house personnel, external IT resources, and building management (to gain access to closed facilities) proved tricky.

Dateline 2021: What Breach Response Looks Like

Uncertainty reigns in questions about how long the pandemic will persist and what a new “normal” looks like for business practices. For now, it seems unlikely that many companies will rush back from their fully- or mostly-remote status, and may never get back to their previous numbers of daily in-office workers. That means several of the challenges described here could become permanent fixtures of breach response. 

As we all adjust, look for new protocols and processes to be added to Incident Response Plans (IRPs) and Business Continuity Plans (BCPs) that factor in a more remote workforce. Now, more than ever, connecting with the right vendors who have experience guiding clients through breach response during the pandemic will help avoid the pitfalls other organizations experienced earlier this year.

The content of this article was adapted from a discussion between Lauren Winchester, VP of Smart Breach Response at Corvus, and Pasha Sternberg, an Attorney at Polsinelli PC specializing in privacy and cybersecurity matters. The two spoke during the Insurance Business America Broker Connect - Cyber virtual conference in June 2020.

[RELATED POST] Tech Companies: Beyond Cyber Risk, the Cost of Downstream Impact

Tech Companies: Beyond Cyber Risk, the Cost of Downstream Impact

The rise of remote work and growing concerns over ransomware acted as partners-in-crime to get organizations to hone in on risk mitigation efforts over the past couple years. Through compiling our Risk Insights Index, we found that with certain initiatives —  safer or reduced usage of RDP, growing use of email security tools, and other measures taken to limit the impact of threat actors — businesses are more prepared than a year before and ready to play defense. Those efforts are borne out in our finding that the rate of companies who pay a ransom when attacked with ransomware fell by half within a year. 

[RELATED POST] Tips from Top Brokers: How to Play Offense in a Cyber Hard Market

Tips from Top Brokers: How to Play Offense in a Cyber Hard Market

The whisperings of “firming rates” start first, quietly in business meetings, then published in industry reports. Soon to follow, rumblings of a “hard market” are brought to the conversation. It’s cyclical in nature, and we see it across all insurance lines at one point or another. For years, Cyber Insurance stretched far and wide with “soft” market conditions, remaining highly profitable. Now that period of growth, with exceedingly available coverage and inviting terms, has stalled in the face of a hard market.