Considerations for Updating Near-Term Intelligence Requirements in Response to COVID-19
Amid the many challenges and changes that COVID-19 has presented to organizations, Flashpoint has received many requests from clients about where their intelligence teams should focus when it comes to risk. Flashpoint analysts have provided a forward look at potential areas of emerging risk that businesses should consider as they navigate the business implications of COVID-19.
The intention of this blog is to give intelligence teams a starting point for navigating this evolving situation, and we will provide updates around misinformation, disinformation, malware, and phishing on our COVID-19 Key Developments blog. For each business scenario, our team has provided pertinent risk areas, with recommended intelligence requirements that should be considered. This information aims to enable intelligence teams to prioritize needs, allocate resources, determine data sources, and establish the types of analysis and expertise required to process these data points into intelligence for their organization.
Potential business risks identified by the Flashpoint team include:
- Widespread company layoffs
- Operational security concerns due to employees working from home
- Targeting of identified mission-essential personnel
- Effects of working from home on employees’ mental health and team communication
- Business lines being redirected and/or retooled to support COVID-19 response efforts that are not traditionally supported by the company
Note: this list is not all-inclusive and should serve as a starting point for organizations to review and update their current intelligence requirements. Flashpoint intelligence teams are adding new collections sources to enable clients to monitor these identified intelligence needs.
SCENARIO 1: WIDESPREAD COMPANY LAYOFFS
- Risk: Rapid reduction in workforce makes an orderly termination process impossible.
- Intelligence Requirement: What information have former employees posted to social media or illicit sites that may harm the brand or competitive advantage of the company?
- Intelligence Requirement: Was any company equipment not returned, and if so, is it being offered for sale in any illicit communities?
SCENARIO 2: OPERATIONAL SECURITY CONCERNS DUE TO EMPLOYEES WORKING FROM HOME
- Risk: Employees are operating from home networks that are likely outside of corporate security environments, potentially with passive listening devices present (for example, Amazon Echo/Alexa, Google Nest, Ring).
- Intelligence Requirement: Which employees are actively being targeted and/or have had their personal information compromised, thus potentially enabling remote access to their home environments?
- Intelligence Requirement: Are employees inadvertently exposing sensitive business documents through media (for example, photos, videos) shared on social media?
SCENARIO 3: TARGETING OF IDENTIFIED MISSION-CRITICAL EMPLOYEES
- Risk: Depending on the industry, the identification of individuals as mission-essential personnel may present unique targeting opportunities for well-resourced adversaries. Mission-essential personnel in the critical infrastructure sector may be value-rich targets for recruitment or compromise.
- Intelligence Requirement: What information about my organization’s mission-essential personnel has been publicly exposed on the internet?
- Intelligence Requirement: Are there indications of targeted reconnaissance against my organization’s mission-essential personnel?
SCENARIO 4: EFFECTS OF WORKING FROM HOME ON EMPLOYEES’ MENTAL HEALTH AND TEAM COMMUNICATION
- Risk: Continuous and long-term working from home can create a sense of isolation in employees, which in turn can lead to low morale. This environment (combined with the anxiety introduced by the COVID-19 pandemic) may worsen team dynamics, stifle innovation, lower productivity, and increase individuals’ susceptibility to malicious social engineering attempts.
- Intelligence Requirement: Has there been an increase in social engineering attempts against the employees of the organization?
- Intelligence Requirement: Are employees attempting to access fringe or extremist content on the internet that may lead to radicalization?
SCENARIO 5: BUSINESS LINES BEING REDIRECTED AND/OR RETOOLED TO SUPPORT COVID-19 RESPONSE EFFORTS THAT ARE NOT TRADITIONALLY SUPPORTED BY THE COMPANY
- Risk: Employees look to the internet for guidance on best practices and regulatory concerns associated with new business or manufacturing operations. It may be unclear whether a website is an authoritative source or a malicious watering-hole site.
- Intelligence Requirement: What COVID-19-related websites have recently been established that employees are attempting to access?
- Intelligence Requirement: Are users installing software and/or downloading documents from unvetted sources?