The Pandemic's Effect On Cybersecurity
- With the spread of COVID-19, cybercriminals have begun moving their efforts from corporate to domestic attacks.
- Cybercriminals use powerful techniques during the pandemic but to a much greater degree, including phishing and Business Email Compromise (BEC).
- In the US specifically, phishing and BEC activities are now largely focused on COVID-19 scams.
- The switch to remote operations throughout the industry revealed new challenges related to physical infrastructures at home, such as secure printing and Wireless LAN systems.
- The rapid, widespread launch of new home devices greatly expanded the number of possible access points for cybercriminals, with the vast majority of digital printers operating wirelessly and connected to other computers on the Internet.
New Cyber Risks Identified
The remote working environment also identified new risks from insiders, as workers began to link to existing networks with devices that do not always have the required safety parameters. This has led the industry to new risks due to well intense individual workers.
They have found new and sometimes innovative ways to cope with technological difficulties to accomplish their job, such as using personal computers and email accounts, while working under severe limitations. Some businesses are already tackling these problems through an increase in employee training in the field of cybersecurity and the creation of state-of-the-art protocols for their employees.
How Have Organizations Responded To COVID-19 Security Threats?
The business sector has adapted well, to the surprise of some. Organizations that have traditionally been slow to improve their information security practices have responded rapidly to COVID-19's increased cyber risk.
Specific cyber-hygiene tools like the two-factor authentication have become more ubiquitous, while many companies' remote management of functions previously inaccessible offsite has also been allowed.
As the number of highly-targeted BEC attacks increases, moving to a distant workplace could potentially disrupt the proven cybercrime model. Specially designed to exploit human intelligence, BECs typically hack senior managers' emails with fraudulent payment demands.
To succeed, modern criminals use a variety of strategies to gain confidence in social engineering. This method can require several months of study as these criminals access emails from an organization and identify their target's language habits.
The movement of victims is most frequently followed up by the BEC attacks while the target is traveling or leaving work and can't confirm the nature of false statements, usually through money transfers. Despite global travel bans and improved transparency for business leaders, the ability of malicious actors to leverage senior managers' inaccessibility is limited.
As a consequence, some cybercrime can be less successful as the overall number of attacks is increasing.
With the interconnection of markets and the ability for cyberattacks to spread quickly and internationally, the financial services industry is likely to be more vulnerable than others, and the pandemic effect poses further difficulties in mitigating attacks and restoring business services.
The full impact of COVID-19 appears to be uncertain; therefore, businesses need to concentrate on cybersecurity risk controls when collaborating with industry colleagues on emerging threats, best practices, and resilience.
About the Author
Avi Ben Ezra is the Chief Technology Officer (CTO) and Cofounder of SnatchBot and SnatchApp (Snatch Group Limited). He leads the Group’s long-term technology vision and is responsible for running all facets of the tech business which includes being the architect of the platforms and UI interfaces.