The coronavirus pandemic has seen a dramatic increase in cyber crime. Research from cybersecurity firm Checkpoint shows there were an estimated 200,000 coronavirus-themed attacks taking place weekly by the end of April, up from 5,000 every week in February.
That same month, security agencies in the UK and US released a joint statement confirming they had seen a “growing use of COVID-19-related themes by malicious cyber actors”. Officials warned that the ”surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organisations”.
Businesses, in particular, have felt first hand the effects of growing cyber crime during the coronavirus pandemic. With the vast majority of firms adopting remote working to protect their staff and abide by lockdown restrictions, their attack surface has widened and they have become lucrative targets for cyber criminals. The experience has, however, offered some important lessons for the future even after the COVID-19 pandemic ebbs away.
Lucrative targets
In all industries, businesses have faced immense cyber security challenges throughout lockdown. Jake Moore, a security specialist at ESET, says cyber criminals pounced on the vulnerabilities of dispersed workforces and their IT systems.
“Remote working has brought flexibility, but it has also dramatically altered business processes and systems in order to cater to a distributed workforce. Employee access to IT departments, and vice versa, has changed which we must adapt to. Collaboration and teamwork are facilitated virtually, and a lack of face-to-face communication can hinder direct channels of communication,” he warns.
His view is that training has been crucial to making employees aware of the increased cyber security risks during the pandemic. Without this, remote teams would have been left exposed to hackers. Moore tells IT Pro: “Some of the baseline security measures taken for granted in the office must be compensated for at home, such as requiring home workers to use multi factor authentication or a VPN to access internal networks.
“Reminding workers to enable automatic updates and check the security of their own Wi-Fi networks is also crucial as the first line of defence against cybercriminals. Ideally, the remote workforce will always also be using company issued devices and remain fully vigilant to the constant and persistent threats.”
People come first
Given that millions of people have been working remotely in lockdown, it has been vital for businesses to take appropriate steps to protect them. Tris Morgan, director of security advisory services for BT, says: “As a fundamental principle of security, you need to know what your assets are and where your data is – and many companies have massively increased their distribution and ways of accessing data over the last 6 months.
“Yet in the midst of these huge changes to operations and technology, the COVID-19 crisis has taught us that it’s still absolutely crucial to focus on people, as they remain your first and best line of defence. If you invest in ensuring that they have the necessary understanding, systems and tools to secure their actions, then you can prevent the vast majority of cyber attacks – what we call the human firewall at BT.”
He points out that data loss prevention tools have also played an important role during the pandemic, saying they provide another layer of defence against individuals’ actions. “For example, organisations with secure backups of data massively reduce their vulnerability to ransomware, while access and identity management tools can greatly mitigate risks around insider threat,” explains Morgan.
“Ultimately, though, creating a culture of best practice security behaviours is key – as many of your biggest cyber risks are still contingent on the decisions people make, which can undermine the best technologies and protections,” he adds.
Don’t underestimate social engineering
There has also been a significant increase in COVID-based phishing campaigns in the last few months. Steve Preston, senior vice president of growth at TrapX Security, was targeted by phishing when he began a new role during lockdown.
“I actually started a new job during the pandemic. My update on LinkedIn triggered a phishing email from ‘my boss’. The timing and the context made the attempt more effective and it gave me pause to consider the human element of phishing,” he says.
“We are all experiencing a new employment status one way or the other. We are working alone, using new tools, and living a more digital existence – we are giving attackers more context and more material to work with. We are in unfamiliar waters. We are more anxious, more eager, and more uncertain and that makes us more vulnerable.”
The IT Pro Podcast: The psychology of security
How hackers exploit our brains as well as our binary
What’s clear is businesses shouldn’t play down the threat of phishing campaigns, as they have become more common and sophisticated in this crisis. Preston says: “Our corporate laptops may be locked down, but phishing attacks have skyrocketed because humans are more vulnerable than ever. Don’t underestimate the power of social engineering. By all means protect your endpoints, but attackers will get in. Take active measures to deny them free rein in your network.”
Cybersecurity is paramount
Throughout the coronavirus pandemic, cybersecurity teams have played a vital role within organisations – and their importance is a lesson in itself. Mark Ward, senior research analyst at Information Security Forum, says: “The obvious lesson is that all the talk about how quickly organisations can change are pretty much wrong. The swift response to the pandemic by security teams showed that, as a discipline, it can move faster. That's a useful moment as, in the past, infosec has been seen as a braking force on an organisation. Thanks to involvement in agile and other methodologies, infosec was shrugging off that reputation and by now it's a label that just doesn't stick.”
“Another aspect of this lesson is it underlines the importance of info sec to organisations - they really need it to survive and its worth has been amply demonstrated. As we come out of lockdown and start to negotiate the economic fallout it has caused, that should be borne in mind - skimping on cyber could have dire consequences,” he adds.
2020 Cyber Threat Intelligence (CTI) survey
How to measure the effectiveness of your CTI programme
The final lesson, he says, is looking after cyber staff. Ward says: “They have been under enormous pressure over the last few months and that will not let up for a while. CISOs, working with colleagues in HR, should make sure that people feel supported, are getting help if they need it and are being listened to – they have been the creators of the change and will have great insights into how an organisation has changed.”
Businesses of all shapes and sizes have been the targets of cyber criminals’ desire to take advantage of the coronavirus pandemic. Consequently, organisations have had to deal with a range of online threats, and that has presented huge lessons to be learnt from a cyber security perspective.
