Development of a Hybrid Policy Development Framework to Combat Cyber Threats During Crisis Events

1. Introduction

Throughout the Covid-19 Pandemic there has been a significant increase in cybercrime that has affected employees working from home. Employees being outside of the office has highlighted a weakness in the standard business cyber security model as the new threat landscape puts individual workers at greater risk being outside of the secure office. Since the pandemic began, worldwide governments have had to put into place several lockdown measures spanning several months to combat the virus at peak times (Institute for Government, 2021). During these lockdowns employees of all ranges had to carry out their work digitally from home, this in turn created a large panic for business owners as they struggled to get their employees able to work digitally without losing out on any business. As a result of quickly switching to virtual working many businesses didn’t consider the security measures that were needed to fully protect their employees while working from home, this neglect for cyber security/awareness has led to a rapid increase in cybercrime from the initial start of lockdown to present day with 59% of the increase being phishing/scam attempts (Interpol, 2020).

At time of carrying out this project the threat landscape clearly shows an increase in targeted attacks against employees that are working from home, the most common threats found throughout the pandemic include: Ransomware, Cryptojacking, Email related threats and Disinformation(European Union Agency For Cyber Security, 2021). The 2021 threat landscape also sees a specific increase in working from home employees being targeted by using attacks tailored around the fact that they may not be able to easily contact people from their office. The increase in cybercrime that has come about from Covid-19 has made it clear that there are significant gaps in a majority of businesses when it comes to their cyber security, which is why the need for a “Hybrid Security Policy Framework” that businesses can adapt to is so prevalent. These gaps in security that leave workers open to the aforementioned increased cyber threat have in part been caused by the lack of formality that comes with working from home. Due to the informality of working from home employees are likely to take a lax stance to security policies which when combined with out-of-date cyber awareness training can leave businesses exposed to threat actors (Kaspersky, 2020)

The proposed solution to tackle the risk of hybrid working in the case of future crisis events when working from home may be the only option for a business to carry out its day-to-day activities is to create a Cyber Security framework dubbed as a “Hybrid Policy Developmental Framework.” This artefact will use data collected to determine areas in hybrid work that are most susceptible to cyber threat and require an adaptable hybrid working policy the most. The framework will include procedures that employees are to follow as well as cyber awareness resources created from research being carried out to identify the weak points in a business. This solution will be based around the “ELINAD” development framework mentioned later in the report, basing the artefact around this framework allows for consideration of new risks and threats that have been identified throughout the pandemic allowing for businesses to quickly adapt should they no longer have access to their office.