Home / Blogs

The Impact of a Pandemic on Cyberattacks and Business Continuity Plans

A new survey of security and IT leaders by csoonline.com sheds light on how organizations across industries are dealing with the COVID-19 crisis, how prepared they were when the pandemic first hit, how vulnerable they are, and what the long-term impact on companies may be.

Unsurprisingly, the survey found there has been an increased number of employees working from home. It also found that more than 26% of survey respondents said their organizations have seen an increase in the volume, severity, and scope of cyberattacks since March 12, 2020. Only 54% of survey respondents indicated their pandemic (business continuity) plans prepared them for the current situation.

As our reliance on the internet and its underlying infrastructure of domain names, domain name system (DNS), and digital certificates has increased dramatically during this pandemic, so has the threat of these digital assets being attacked.

In our recent white paper, “Beyond the Firewall: Implementing DNS Defenses to Mitigate Online Vulnerabilities and Threats”, we explained that DNS forms the underlying infrastructure for how the internet works, serving as a directory to point users to the right web content. But when DNS goes down, websites go down. When that happens, the logical thing is to use phones and email to keep business running. However, that’s not possible, because downed DNS means no email, no phones (VoIP), and no remote employee login through virtual private network (VPN). It also disallows file transfer protocol for moving large datasets and various multi-factor authentication services (for example, email, Google®, and Microsoft®).

We explain further that the simple-looking acronym, DNS, belies the complexity of the system that is made up of a worldwide web of separate entities working in a relay of information exchanges. This complex nature exposes the DNS to multiple potential points of failure, as each point in the system could be vulnerable to attacks, such as a distributed denial of service (DDoS) attack, DNS hijacking, DNS cache poisoning, and domain shadowing, to name a few.

Since the failure of these digital assets can clearly lead to a significant impact in terms of lost revenue, data, and brand reputation, secure digital asset management is a boardroom discussion and should be included in your business continuity plan (BCP).

The Business Continuity Institute’s annual BCI Horizon Scan Report identifies the top 10 business continuity threats for the next 12 months, as reported by 569 global respondents. And perhaps surprisingly to some, digital assets play a contributing factor in five of these risks:

  1. Cyber attacks. DNS is vulnerable to a whole host of cyber attacks ranging from DNS cache poisoning, DNS hijacking, domain shadowing, malware, DNS tunneling, DDoS and phishing attacks, as well as the exploitation of expired digital certificates.
  2. Data breaches. Cyber attacks against digital assets are increasingly used to steal data, either by masking another attack vector or by directly taking advantage of poor security and management of assets.
  3. Unplanned IT and telecom outages. If a company’s domains or DNS fail, then every way it communicates using the internet can fail. If that happens, how would an organization communicate with clients and employees?
  4. Critical infrastructure failure. If you are relying on staff being able to work from home during a pandemic or while you’re implementing your business continuity plan, you must secure VPN as a critical piece of infrastructure, and that includes securing your digital assets.
  5. Supply chain disruption. Since a failure of company domains and DNS will grind to a halt the ability to communicate, how would a business maintain operations and supply chain?

Boards are responsible for understanding risk. It’s clear from what I’ve outlined above that digital assets are at risk of poor management and the threat of third-party attacks.

If you’re unsure how robust your approach is to managing corporate digital assets, use the CSC Domain Security Checklist. It’s a free resource based on our defense in depth security approach that walks you through pertinent questions and identifies risks that may not have been considered.

For a more in-depth consultation, CSC Security CenterSM will analyze your portfolio and identify security blind spots to help you mitigate cyber threats.

If an incident occurs as it has done recently in the shape of COVID-19, the actions of the board and the organization’s BCP will be closely watched in the court of public opinion, the legal courts, and by lawmakers.

By Ken Linscott, Product Director, Domains and Security at CSC

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC


Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com

Domain Names

Sponsored byVerisign