Have you thought about the recent change in cybersecurity? 2020 hasn’t just brought the onset of the health pandemic but also the start of the cyber pandemic.
The COVID-19 outbreak has presented a huge challenge for businesses worldwide by forcing them to keep operating in spite of the shutdown of offices and various facilities. Remote working has provided cybercriminals with greater opportunities for cyberattacks due to the vulnerabilities businesses are exposed to.
The information below explains how Cybersecurity has changed after 2020.
An increase in cyberattacks
The COVID-19 pandemic was undoubtedly the top story on a global level for 2020, as the global health crisis has changed the way of life of millions of individuals worldwide. Although the focus in 2020 was mainly placed on the rise of the pandemic, this disruptive year will also be remembered as a year of cyber incidents that transformed society in multiple ways.
Despite the fact that technology enables personal and business communications to move online, such online changes have resulted in the rise of another growing pandemic, called the cyber pandemic. Hackers took advantage of businesses taking time to reconsider their work operations by making them targets of cyberattacks.
A large number of businesses and organizations have reported a dramatic increase in cyberattacks, including the World Health Organization (WHO). WHO reported a staggering number of cyberattacks directed at its staff members, along with email scams with the intention of targeting the public. Thousands of WHO passwords and email addresses were leaked, which prompted the organization to migrate to an authentication system that’s more secure.
Since April 2020, cybercriminals have exploited the challenges businesses cope with because of the change to teleworking. These cyberattacks include hacking, data breaches, videoconference and teleconference hijacking, and fraud. For instance, a myriad of companies has reported hacking incidents since March 2020. In most cases, attackers inserted computer codes that are malicious on their websites for the purpose of stealing the login credentials of users.
Videoconference and teleconference hijacking has also been increased since the beginning of 2020. Even the FBI released an official warning of teleconference hijacking following two such incidents in Massachusetts schools, which were zoombombed by cybercriminals gaining access to their virtual classrooms. Unfortunately, such attacks keep on occurring. Click here to gain a better understanding of zoombombing and the ways in which it can be stopped.
Moreover, videoconferencing services have been under an array of cyberattacks. In just a couple of months, from February to May 2020, over half a million people had their personal information stolen while using videoconferencing services, including their email addresses, passwords, names, etc. Afterward, the stolen information was sold on the dark web.
Many hackers rely on credential stuffing to gain access to the credentials of employees and later sell the stolen data to other cybercriminals. Those unfamiliar with the term credential stuffing should know that this form of cyberattack is used by hackers to gain access to more accounts by using usernames and passwords, which were stolen previously. Such actions are possible, as most individuals use the same combination of password and username for multiple accounts.
Another type of cyberattack that surged after 2020 is the data breach. A vast number of companies have become targets of data breaches due to the trend of remote working. The work-from-home precautions issued because of the COVID-19 pandemic have resulted in such security violations, in which confidential and sensitive information was stolen, copied, viewed, or used by unauthorized individuals.
Another instance of cybersecurity threats prominent since 2020 is fraud. Due to the sudden rise in fraudulent scams, the FBI issued another warning to businesses to be wary of business email compromise scams, particularly aimed at businesses performing transfers of funds. Such frauds also made municipalities a target, as most of them purchase supplies and protective equipment necessary in the battle against COVID-19.
The changing nature of cyberattacks
Since most companies have shifted to remote working, hackers have upped their game by developing new malware to infiltrate systems. Prior to the COVID-19 pandemic, approximately twenty percent of cyberattacks used methods and malware, which were previously unseen. Since the start of the pandemic, this percentage has risen to 35%.
In addition, a large portion of the new attacks relies on machine learning, which is highly adaptive to its environment and stays undetected. Consequently, phishing attacks have increased in sophistication by taking advantage of other channels like voice and SMS. The news used in phishing campaigns is on Covid-related topics and vaccine development. Follow this link, https://www.csoonline.com/article/2117843/what-is-phishing-how-this-cyber-attack-works-and-how-to-prevent-it.html, to learn what phishing is and how to prevent it.
The COVID-19 outbreak has provided cybercriminals with many opportunities they were previously deprived of. A crucial reason for the spike in cyberattacks is the “bring your own device” approach used by a fair number of small businesses, allowing their employees to use their personal gadgets to gain access to corporate information. Nevertheless, remote working fails to guarantee the same cybersecurity level as office environments.
When accessing corporate data from personal devices, users are more susceptible to cyberattacks. Home wireless networks are much easier targets for hackers. Additionally, human error has always been an issue of concern, even prior to 2020. It often happens for employees to be negligent and reckless when it comes to giving access to information to the wrong people. However, remote working has made the problem even more serious.
When working from home, employees are likely to be interrupted by visitors or family members, which makes them more careless than they usually are. Consequently, IT systems must be more adaptive to the change in working practices by introducing time-outs, automated controls, etc.
Home office cybersecurity threats
Since 2020, the work process has sustained enormous changes, as most of the workers were forced to work remotely, although many of them have never worked from home before. Despite it, over seventy percent of employers didn’t oblige their employees to attend special training on how to interact with corporate resources safely online.
As far as equipment is concerned, many businesses failed to provide their workers with corporate equipment. They allowed employees to use their home devices to connect to office IT infrastructure, although most of these devices weren’t properly protected. According to many studies, approximately 80% of remote workers use their personal computers for work purposes, while also using these devices to watch movies, play games, and enjoy other forms of entertainment.
The interest of individuals in online entertainment has been exploited by cybercriminals by luring them to fake websites and persuading them to download malware in the form of a movie or another file. Another home office cybersecurity threat is the use of unsecured channels for remote work. When working in the office, IT administrators are responsible for Internet channel securing, which isn’t the case when working remotely.
Another cybersecurity threat in home offices is the vulnerabilities in collaboration tools. In-office environments, employees could attend meetings in person. Anyhow, the world of remote working has increased the demand for collaboration tools and videoconferences, which appealed to cybercriminals. The risk of security gaps is huge, even in legitimate software programs for videoconferencing like Microsoft Teams and Zoom.
Protective measures
Businesses are required to take protective measures to adapt to remote working and reduce the risk of cyberattacks and threats. Cybercriminals keep track of the adjustments businesses make to take advantage of their vulnerabilities. There are certain precautions that companies can take to protect their employees, data, and themselves.
Data security policies and practices should be reviewed to ensure compatibility with remote work setups. These policies should be communicated to employees, and they should be reminded to follow the necessary practices while working remotely. Employee access to confidential information should be restricted by ensuring workers only have access to the required information for completing their duties.
As far as remote access is concerned, employees should be encouraged to use VPN (Virtual Private Network) access whenever possible, which provides an extra layer of protection. Staff members should also be advised to watch out for phishing emails by reviewing their emails diligently. Businesses should secure videoconferencing meetings by using the security features on the videoconferencing software, such as gaining access by invitation, locking meetings, using virtual waiting rooms, etc.
A final note
Cybercriminals are expected to continue exploiting the digital transformation of organizations.
Every business should take protective measures to minimize the risk of attacks!