Over the last 12 months, millions of workers have seen their office and working environment moved from corporate and government offices to their home, in a matter of days, effectively turning flats, houses, and even garden sheds into new remote offices. This change in working conditions and location brings significant risks through unsecured WIFI, unprotected computing equipment and insufficient access controls. This has presented malicious actors with multiple opportunities to breach businesses’ networks, steal users’ credentials, and lockdown computers and extort money through ransomware demands.
This pandemic has forced businesses to quickly find new ways of working, keep operating, and retain employees. When businesses sent their employees home, they sent them to work from an environment that was much less secure than the internal company network’s confines. The employees were away from a network where the organisation did not manage the pieces of equipment. It led to the playing into the hands of hackers, as they see this as easy pickings.
A sustained and wide-spread cyberattack could leave wide-spread infrastructure failures and take entire communities or cities offline, blocking healthcare workers, government systems, and networks.
In this article, we shall look at the seven reasons why cybersecurity matters more during a pandemic.
Reason 1: Hackers Target Home Workers
When the government started issuing work from home orders (WFH), businesses that didn’t already have a remote work component rushed to get it in place before the shutdown. They put in place only a patchwork of security measures that provided little protection. With millions of workers working from home, this has led to millions of employee-owned devices connecting to corporate networks across the world. With fewer security measures, it could offer the scope for a more significant attack vector for hackers. This has presented more immense opportunities for data theft and ransomware attacks.
Employees use credentials to access enterprise systems and applications. When these are used in conjunction with an unsecured network and unmanaged personal device, it could leave businesses open to hacker attackers, who will look to intercept credentials of remote workers. Implementing and maintaining identity security should therefore be a top priority.
As we continue into 2021 and the pandemic is still here, businesses need to move past 2020’s shock and start adopting Bring Your Own Device (BYOD) policies to get to grips with the nature of remote working, investing in VPN access and implementing gateway controls.
Reason 2: Reliance on Digital Tools
The COVID-19 pandemic has been compared to the 1918 Spanish Flu, the Great Depression, and even World War II in terms of the impact that it has had on human behaviour.
To control the pandemic situation, governments took precautions like social distancing methods. People were asked to undertake quarantine measures. Our behaviours shifted from offline to online - working, shopping, learning and entertainment to comply with these government mandates. This has resulted in an accelerated adoption of digital technologies among the global population, both at a personal level and for business.
This rapid move to digital has effectively made the internet a channel for widespread human interactions. It has become the primary method for the way we work, contact, and support one another during our day. With more reliance on cloud-based services, mobile and computing devices, hackers have a wider choice of targets to choose from.
In today’s context, if a cyberattack took out an organisation that then deprived a family of access to a service, data, device or even the internet, it could be devastating. It could even lead to death in the worst case. A sustained and wide-spread cyberattack could leave wide-spread infrastructure failures and take entire communities or cities offline, blocking healthcare workers, government systems, and networks.
Reason 3: Ransomware to Stay
When we look at cybercriminals’ behaviour, they often use world events to exploit fear and uncertainty by launching cyberattacks. They often use social engineering campaigns that leverage malicious emails to hook their victims to install malware by clicking links or installing fake apps, restricting them from accessing their systems, devices, or data. Criminals then demand a ransom to enable users to regain control.
There is also evidence to suggest that remote working significantly increases the risk of a successful attack and even more so during a pandemic. This is due to weaker home networks, fewer security controls on users’ devices, and a higher chance of users clicking on COVID-19 themed ransomware due to anxiety.
If we look back at 2020, in April, it was reported that there was a 148% rise in ransomware attacks, with financial services being the primary target. In the second quarter of 2020, the average ransomware payment had increased by 60%, up to nearly $179,000. This rise coincides with big game hunting arriving on the scene.
Unfortunately, more government, healthcare facilities, and educational establishments are deciding to pay ransomware because they are more concerned about losing access to their systems and data. The faster and more sophisticated the attacks will become.
Reason 4: Hackers Prey on People’s Concerns
COVID-19 was first detected in December 2019; by January 2020, phishing scams started to emerge, preying on confusion and fear about the virus. It became wide-spread with hackers posing as healthcare providers.
The reason for the increased level of attacks is that humans are weakened during a crisis, mainly if they are prolonged. Humans make mistakes that they probably wouldn’t have done at other times.
When this mistake happens online, and you trust someone with your data that is not who they say they are, it can be very costly indeed. It is estimated that 98% of cyberattacks are deployed using social engineering methods. Cybercriminals capitalise on popular topics and trends, and a pandemic is like a pandora’s box to them. They can be very creative with their techniques to exploit users and technology, giving them access to passwords, data, and networks.
For example, in 2020, cybercriminals targeted people looking for COVID-related visuals like active cases and mortalities. The malware was hidden in a map that could be loaded from a trusted source. When somebody visited the map, they were asked to download and run an application, which then compromised the computer and allowed hackers to access sensitive information, such as user credentials.
Reason 5: People Spend More Time Online
The more time we spend at home, the more time we spend online. Not only do we have adults accessing the internet, but children are doing so more often, whether to access study material, researching, or personal browsing. Inadvertently, the more time we spend online, the riskier our internet behaviour. For example, users could be susceptible to downloading malware from a compromised website by visiting obscure websites to access pirated films or play games.
Also, there could be additional risks when these sites request banking information to allow viewing or to install a desktop or mobile application. Not only could this infect their computers and networks to malware infection, but it could also lead to financial loss and identity theft.
With families looking down and quarantining together and unable to visit or spend time with other family members or friends, families have relied on online technology for their entertainment needs, even more than they ever have before. In the UK, it has been reported that Britain’s internet users spent nearly 5 hours a day on average during the peak of the first wave of the COVID-19 pandemic. We must take steps to secure our browsing and access to the internet, especially when children are concerned.
Reason 6: Most Business Meetings Conducted Virtually
As large numbers of workers are using their homes as their new remote office, and with face-to-face meetings cancelled, many have turned to video conferencing software platforms to continue to engage with their clients and co-workers to remain productive. They were enabling an accessible and affordable way to allow the remote workforce to continue working.
However, this increased reliance has also provided cybercriminals with a perfect opportunity to drop in on unsuspecting users, send spoof messages, hijack session controls and launch malicious attacks.
Zoom, one of the most popular online conferencing tools, has overgrown during the pandemic. It is estimated to have added more than 2.2 million active monthly users to its subscription base in 2020; this compares with under 2 million users added for the whole of 2019. In early 2020, more than 500 thousand people were affected by breaches of video conferencing services, and user credentials were stolen and then sold on the dark web. Cybercriminals would then use the same credentials to gain access to other accounts using the same username/password combination.
Reason 7: Human Error Heightened during Pandemic
People play a big part in adverting cybercrimes. Still, when a pandemic comes, these same people become stressed, agitated, and make bad decisions that lead to being more susceptible to cyber scams, whether during office hours or whilst they are on their own time. With most companies reporting an increase of attacks since the beginning of the pandemic and human factors, the opportunity of a breach becomes much more likely.
Remote working isn’t going away. Whilst employees have greater flexibility, business processes and systems have been stretched. The combination of a lack of centralised security, fractured IT systems, home working and a global climate of stress is a perfect breeding ground for cybercriminals to launch an attack.
Nobody knows when this pandemic will subside and normal operations will resume. Whilst we know that home working has many benefits, cybersecurity can be a real spoiler. So, with the global shock and stress of the COVID-19 outbreak, you’ve also got a big cybersecurity headache on your hands. And, this is real.
Businesses must ensure that the office to home transition has been fully secured and doesn’t bring about data breaches or attacks on the industry by cybercriminals. This pandemic has taught us that preparation is key to limiting these risks, and acting quickly can soften the impact of a cyberattack. Companies should prioritise initiatives to address cybersecurity gaps, and employees need to take additional precautions when accessing the internet from home and monitor their children’s access.