Intelligence Bulletin – Coronavirus (2019-nCov) outbreak: Preparedness and Response Checklist for CIOs and CISOs

26. February 20

Declassified Warning from 24.02.2020

Governments, industry leaders, and investors[1] across the globe have already realized the economic and business impact of coronavirus since Chinese officials first identified the virus on 7 January.[2] While the outbreak was initially largely confined to Asia, it has since spread globally[3]  with a continually increasing rate of infections across the Middle East, North America, and Europe. Kristalina Georgieva, Managing Director of the International Monetary Fund, warned[4] that the forecasted impact of the virus to global economies based on the “current baseline scenario” would likely cut 0.1 percent from global growth. However, Ms. Georgieva acknowledged a more dire scenario will result in even more protracted growth consequences, stating “Global cooperation is essential to the containment” of the virus.

In Europe, infections are expected to rise after Italian authorities confirmed more than 200 new cases in northern regions on Sunday, 23 February, an exponential increase from only five known cases reported three days earlier.[5] Northern Italy, which includes the densely populated Piedmont, Lombardy, and Veneto regions, borders France, Switzerland, Austria, and Slovenia. While Austria tested some train passengers travelling from Italy to Germany for symptoms, given the open borders between European countries with limited border screenings, it is possible the virus will quickly spread to other countries, if it has not already. Additionally, Italian authorities have not yet confirmed what caused this spike in cases due to a yet-unknown patient zero, and a high rate of infections that likely happened from asymptomatic carriers. Therefore, the possibility that similar situations might happen in other European regions in the following days cannot be ruled out and should be taken in consideration by decision makers. Other European cities have already taken precautionary measures, such as the cancellation of the Mobile World Congress (MWC) 2020 in Barcelona.[6] On Monday, 24 February, the London, Frankfurt, and Milan stock exchanges fell by around 2-3.5 percent, highlighting the market anxiety over a potential wider outbreak in Europe.[7]

Italian authorities have locked down several cities, closed public institutions such as museums, churches, and schools, cancelled events including Venice’s Carnival,[8] and advised people to not go into work or to work remotely to prevent a further spread. Italian banks, such as Intesa SanPaolo, Unicredit, and Banco BPM, closed bank branches and several multi-national Italian companies have halted business travel, changed in-person meetings to conference calls, and are implementing remote working.[9]

Considering a likely spread of the virus across Europe, global organizations and companies operating in or with impacted regions may be required to stop travel or enforce work from home restrictions.

In order to help address the potential impact your organization faces, Chief Information and Security Officers (CIOs and CISOs) should consider the following points:

1. An outbreak of the virus in other EU countries is a likely scenario

2. Companies and organizations located in the EU should evaluate their business continuity and disaster recovery plans, including:

  • Restricting personnel from visiting organizations’ offices might be a temporal policy enforced by extraordinary local government restrictions
  • Restrictions might last between two to four weeks, hence organizations should evaluate their business continuity plans around this time interval.
  • Organizations that cannot offer remote working capabilities might enforce paid or unpaid leave to their employees
  • Organizations that can offer remote working should be prepared to quickly implement remote working solutions, including (but not limited to):
    • VPN access (user registration, token rollout, etc.)
    • Personnel training (VPN access, security awareness, phone/email solutions for communication, etc.)
    • Data security segregation (restricting VPN access to only the data required to fulfill employees’ daily job)
    • Increased network traffic through VPN servers
    • Increase network security monitoring
    • Consider solutions for ensuring technology support in the event IT help desks are overloaded with requests from inexperienced remote workers

3. Unplanned remote work and other extraordinary measures will inevitably increase organizations’ exposed surface and attackers’ opportunities for attacks, due to (but not limited to):

  • Reduced and limited security monitoring
  • Loose security policies to facilitate remote working for new users
  • Personnel trying home-made solutions to keep working from home, such as installation of unauthorized software (e.g. remote-desktop, tunneling, etc.), copying sensitive data to unauthorized external devices, or cloud solutions
  • Increase of malspam attacks exploiting the coronavirus theme to encourage personnel to open malicious documents. Ransomware attacks could highly capitalize from an increased interest and concerns by citizens about the latest news on Coronavirus and exploit them to compromise companies with targeted attacks.

4. Unexpected cancelation or delay of business travel

  • Awareness of government-issued Travel Advisories
  • Understand the risk of potential restrictions to business travel, including, but not limited to, traveling with sensitive business documents and assets in a foreign country
  • Preparing for extended outages for business travelers, factoring in screenings and other safety measures implemented by airports
  • Understanding the risk of illness or quarantine affecting the supply chain, to include outsourcing, product delivery, offsite facilities, and more.

[1] The New York Times, C3, 21 February, Coronavirus Outbreak Deepens Its Toll on Global Business

[2] WHO, B2, 12 January, Novel Coronavirus – China

[3] WHO, A2, 24 February,  Coronavirus disease 2019 (COVID-19) Situation Report – 35

[4] IMF, B2, 22 February, Remarks by IMF Managing Director Kristalina Georgieva to G20 on Economic Impact of COVID-19

[5] La Repubblica, C2, 24 February, Coronavirus, five victims. Vo ‘, the possible patient zero […] (translated)

[6] MWC Barcelona, A1, 12 February, GSMA STATEMENT ON MWC 2020

[7] ANSA, C1, 24 February, Coronavirus: Milan Stock Exchange opens 3.5% lower (translated)

[8] La Repubblica, C1, 24 February, Coronavirus, stationary schools and universities, (…) (translated)

[9]  ANSA, C2, 23 February, Coronavirus and companies, economy is dealing with emergency (translated)