Cybercriminals Exploit Coronavirus Confusion
Cybercrime has exploded since the onset of COVID-19. The global pandemic has caused uncertainty and lightning-speed changes in our technology use, allowing cybercriminals to capitalize amidst the confusion.
Large-scale data breaches increased 273% in the first quarter of this year compared to the same time last year.
Workplace Changes Create Security Challenges
The trends of employees new to working from home and consumers conducting more business online have led to the uptick. Businesses have abruptly shifted to virtual workspaces, and many had to take security shortcuts to allow this change.
The sudden surge in virtual work scenarios expanded the opportunity for cyberattacks. When the pandemic first hit, many companies found their systems were not designed to take on the increased load of a mostly-remote staff. To get employees up and running, the focus of IT teams was, understandably, on availability and allowing employees to access the tools and data they required to work from home.
A shocking statistic: 85 percent of Chief Information Security Officers admitted they had sacrificed cybersecurity to enable remote work quickly. And 25 percent reported ransomware or other malware intrusions in the first three months of the pandemic.
Virtual workers may also be distracted and let their guard down when they are online, as they are also navigating change and uncertainty. They are increasingly using company-issued laptops to conduct personal business, creating another potential blind spot in a company’s cybersecurity strategy.
Security Magazine reports that 73 percent of respondents admit to extensively using their company-issued device for personal matters, and 60 percent acknowledge an increase in frequency since starting to work remotely during the pandemic. The most common activities are checking personal email (47 percent), carrying out financial transactions (38 percent), and online shopping (35 percent).
Plus, all the home and virtual work environments have extended corporate networks exponentially, making it hard for IT staffers to keep up.
Another contributor to the jump in cybercriminal activity is all of us spending more time online.
When people began staying home in March due to the pandemic, e-commerce traffic increased by 23 percent in the first week of the lockdowns. It’s no surprise that nearly a quarter of Americans – 22 percent – admitted they’d been targeted by digital fraud related to COVID-19.
E-commerce fraud had already been soaring. Between 2018 and 2019, there was a 347 percent increase in account takeover and a 391 percent rise in shipping fraud attempts globally among its online retail customers.
Another study conducted at the end of 2019 found that 61 percent of all Internet users in the United States had already experienced cybercrime. Our country ranks second globally behind India at 80% of users.
As the holiday season approaches and online shopping peaks even higher, we can expect substantial increases in the number and methods of cyberattacks.
Attack Methods are Evolving
Last year only 16 percent of cyber intrusions were traced to malicious websites and web ads, but as we near the holiday shopping season within a global pandemic, a new iteration of phishing is emerging.
Consumer-focused phishing attempts are exploding onto the scene.
In 2019, phishing attacks continued to represent the leading cause of ransomware infections, nearly double the next cause. Sixty-seven percent of infections were attributed to phishing, with lack of cyber-security training being the second highest cause at 36 percent.
With the number of emails sent daily worldwide projected at 306 billion in 2020 and growing, the essential need to protect our networks from bad actors seems overwhelming, especially as phishing attacks become more sophisticated.
Plus, a different type of phishing attack has emerged during the pandemic.
This attack sidesteps the employees and anti-phishing tools and goes after consumers and their personal information directly. The most common goal is to perpetrate account takeover fraud and steal their money.
These attacks can impersonate well-known brands, creating substantial damage for the brands being spoofed — both financially and reputation-wise.
Another newer type of attack has been dubbed island hopping. Criminals take over companies’ digital transformation efforts, using their networks to attack customers and third-party partners. These attacks are up by 33 percent this year.
Simple Passwords Lack Protection
In the same study of ransomware infections, passwords were blamed 30 percent of the time for successful cyberattacks, either because they were reused or not complex enough.
Implementing multi-factor authentication is critical in today’s environment.
MFA improves your security posture by strengthening passwords with a second identifier (e.g., a code on your employee’s smartphone). Requiring a second credential takes the sting out of stolen or compromised passwords.
MFA is also a necessary tool for many compliance frameworks, including HIPAA and PCI. Identifiers and tokens can be delivered quickly and easily for remote workers, adding a layer of protection.
Discourage reused, sequential, iterated, recycled, or simple passwords as part of your ongoing security program. Encourage the use of secure password storage vaults as an alternative.
Solving access problems for remote workers will also lessen the temptation to share passwords for convenience.
Employee Training Remains Key
Constantly training and educating users about good security habits will continue to be a necessary priority for IT leaders as our environments change.
A recent Security Magazine study highlights the risky behavior of employees using company-issued devices.
More than 1,000 respondents worldwide were asked about their use of work devices for personal business and their awareness level of today’s cyber risks. The results underscored the need for better awareness training, as users are clicking on links or opening suspicious emails despite having been trained.
Another alarming statistic is that nearly half (45 percent) of survey respondents admitted to opening emails that they thought were suspicious. The same percentage confessed to not reporting questionable emails to their IT or security teams.
Encouragingly, 96% of respondents claimed to be aware that links in email, on social media sites, and websites can potentially infect their devices, and 64 percent have even received special cybersecurity awareness training related to working from home during the pandemic.
However, this doesn’t always translate into putting this knowledge into practice.
Cybercrime Brings in Big Dollars
Experts estimate cybercrime yields above $1.5 trillion in revenue per year. Most of this revenue is realized on the dark web, a hidden part of the Internet that is a hotbed for criminal activity with 2 million active users.
The full Internet, which includes the dark web, is thought to be 400 to 500 times larger than the public Internet that most of us are familiar with. More than 75 percent of its sites appear to be marketplaces.
There has been a 738% increase in COVID-19-related terms on the dark web since March 2020.
Consider How to Respond to a Cybersecurity Event
As the dust settles and as workers settle into new workplace routines, many businesses are looking at potential extended virtual work arrangements and finding ways to secure their systems.
For large companies with plenty of resources, cybersecurity professionals are in high demand. On the other hand, small companies are finding it more manageable to hire services from a cybersecurity company.
The inconvenient truth is this: your business can be secure today, but not tomorrow. Sensitive data is stolen from corporate networks continuously.
Find out what to do if you experience an online intrusion. Download our report: Your Credentials Have Been Compromised, Now What?
We’re always here to help. Reach out by email or give us a call today at 314-279-5620.