Cybersecurity threats and COVID-19: what are the potential challenges for your business?
While the real world is struggling with threats such as epidemics and financial crises, there is also a fierce struggle in the virtual world in an attempt to counter cybersecurity threats. Alas, companies, organizations and individuals can undergo such attacks. The COVID-19 pandemic only confirmed this, having an unprecedented impact on various areas of human life, including its modern technological state, as well as the economy and finances.
As various experts on cybersecurity note, often economic and financial downturns in the global economy entail an increase in the likelihood of cyber threats for both business and individuals. For example, the crisis associated with COVID-19 provoked:
- The increase of fraudulent free services: platforms for video conferencing, online training, online movie theater subscriptions, fake mobile food delivery apps, etc.
- Increased risk of corporate espionage.
- Grown number of targeted cybersecurity threats on the financial industry employees.
- An increase in the number of cybersecurity attacks on medical facilities.
- Growth in the number of insider cybersecurity threats caused by those categories of employees who are reduced in salary when switching to a remote mode of operation.
- Increasing fraudulent activity in the tourism industry (money transfer centers of airlines, hotels, etc.).
In this situation, it's time to take care of ensuring the cybersecurity of your business and employees, if you have not already done so. What kind of cybersecurity threats your business should be warned with special vigilance now, how to protect your company from them in the long term - more on that later.
Social engineering cybersecurity threats - the main problem caused by a crisis
The greatest danger in this difficult time are the so-called social engineering cyber attacks. This type of cybersecurity threats is often correlated with various extremely important situations widely covered in the media, for example devaluation, terrorism, the Olympics, etc. As APWG data for 2019 show, the following industries are most vulnerable to such cybersecurity attacks:
Number of phishing attacks by sector
Moreover, the situation continues to worsen because of the current pressure and speculation on the health and quality of people’s life. It is not surprising that, according to some experts, social engineering cybersecurity threats speculating on the new coronavirus as “bait” dominate in an unprecedented way. For example, according to Cynet, since the end of February 2020, the number of phishing attacks in Italy has tripled! According to CheckPoint, over the past two weeks in March, the number of cybersecurity attacks has increased tenfold. Thus, the frightening situation in the field of information security clearly correlates with the level of biological security.
Perhaps the most dangerous in these conditions is business e-mail compromise (BEC). It’s designed to trick a victim into transferring confidential data or funds - personal or corporate - to the criminals' accounts. According to PwC, the main the most vulnerable to these cybersecurity threats are manufacturing, financial, pharmaceutical, medical and transportation companies.
But regardless of the business, the hackers have one goal - to steal credentials in order to infiltrate organizations and endanger information systems. If successful, such cybersecurity threats can open the door to even greater fraud, primarily related to payment systems, as well as the quality of services.
The danger and insidiousness of such cybersecurity attacks is that the senders of scammers’ letters are usually disguised as legitimate, for example:
- healthcare organization (as a rule, under the United Nations World Health Organization); company manager;
- IT support service (or vice versa, if the letter is sent to the IT support service, the source is disguised as a legitimate user);
- an insurance company (for example, the message body indicates that the recipient ran out of health insurance at the time of the epidemic); charity non-profit company;
- financial or trading company (with very advantageous offers during a pandemic); the educational center;
- supplier (usually electronics from China);
- tax company;
- travel or airline.
It is worth noting that according to the TrendMicro study, spam mailing covers more than 65% of social cybersecurity threats. “In just the last week, we saw that the number of phishing emails has increased from 25,000 to 125,000 — 500%, which means the risk is real,” commented Andrew Jackson, CEO of Intercity Technology. Therefore, companies should clearly inform their employees that they must follow the correct algorithms when it comes to potential phishing emails, and suspicious emails should not be opened.
Other cybersecurity threats
The email phishing following the outbreak of COVID-19 is just the tip of the iceberg. As businesses increasingly rely on indispensable digital tools — virtual private networks (“VPNs”) and remote meeting software — hackers have begun to use these tools to gain unauthorized access to company networks. For example, Zoombombing, where uninvited users share their screens and spam real visitors with interfering images, has become rather common in meetings organized with public Zoom links. The frequency of these cybersecurity attacks prompted the FBI to warn of the risks of such incidents and of possible disruptions caused by uninvited guests.
The number of data leaks has also increased. The gaming industry is particularly vulnerable now, since players began to spend much more time at the computer, and their accounts became the subject of hackers interest. Even such a giant in the gaming industry as Nintendo could not avoid cybersecurity threats encounter. As a result more than 160,000 user accounts were hacked. This incident demonstrates how the $100 billion video game industry is becoming “a growing target for cybercriminals,” said Anurag Kahol, technology director for data protection at Bitglass.
Experts also record an increase in the number of mailings containing certain malicious attachments. In all cases, the scheme is similar - it is recommended that the recipient open an attachment under the guise of work files sent by the head, top manager of the company, etc. According to statistics, most often hackers use archives and image files for this.
So, it was all about the cybersecurity threats, but what about the ways to counter them?
How to secure your business from cybersecurity threats
Currently, there are many solutions in the field of information security and international recommendations o for secure remote access organization.
In particular, the recommended cybersecurity measures are:
- Using remote access to the organization’s network strictly with two-factor authorization and providing appropriate technical capabilities.
- The prohibition of using third-party services for access to the corporate network that connect through intermediate servers and independently carry out authorization and authentication.
- Providing network segmentation and separation of access rights. It is desirable that even remote user activity is covered by perimeter security features of the organization.
- When working with home computers, it is recommended to use terminal remote access to the network to a virtual workstation with all installed information protection tools. It is also necessary to check whether email is protected by two-factor authentication.
- Automatic check of all services and equipment that are used for remote access for updated firmware and security patches. Another option is to access these services only through a VPN, protected by two-factor authentication.
- Ensuring the availability remote user actions logs, as well as the presence of a timeout for an inactive remote connection, requiring re-authentication.
One of the most optimal solutions to this situation is to use our own custom-developed software with a secure server infrastructure. In this case, the owner of the software is able at his discretion to introduce as many features to counter cybersecurity threats as he sees fit. Moreover, this decision will not lose its relevance even after the crisis. Well-protected software and corporate data make it possible to protect your business from irreparable damage that can be caused by hacker interferences from the outside
During the outbreak of COVID-19, the entire IT world faced a unique challenge in the field of information security. Taking into account the experience of secure work in computer networks during a pandemic is invaluable in organizational and technical terms. At the same time, this epidemic clearly demonstrated the need for improving security approaches and thinking out new ways to ensure it.
One thing is clear, if you are a business owner and you need to guarantee the safety of your business in the information field - you need to take care in advance to develop a custom solution that takes into account all the nuances of cybersecurity. Well, in order to develop a really high-quality solution, you must have good specialists who can help with this.