COVID-19 has undoubtedly changed the cybersecurity landscape. Interpol has noted that cyberattacks have risen at an alarming rate all over the world; furthermore, many cybercriminals are transitioning from targeting individuals to attacking governments and critical health infrastructure at a time when national agencies and the medical industry are struggling to contain outbreaks and deal with the aftereffects of extended lockdowns. To make matters worse, the international law enforcement agency doesn’t expect the rise in attacks to come to a halt when a COVID-19 vaccine is released. As Interpol Secretary General Jürgen Stock reports, COVID-19 has brought about an increased dependency on the internet and cybercriminals will simply transition from COVID-19 related attacks to phishing scams related to the new vaccine.
What sorts of cyberattacks can companies expect now and in the future? Are certain countries having more problems with certain types of cyberattacks than others? IT managed service providers the world over weigh in, offering their views, insight, and professional opinions to help business owners navigate what is sure to be a treacherous IT landscape for the foreseeable future.
Ian Brady from Steadfast Solutions has experience working with business owners throughout Australia. He reports that email attacks have been on the rise throughout the nation. Australia has also been hard-hit by spear-phishing attacks and “copy-paste compromises” that specifically target software programs that haven’t been regularly updated or patched to prevent cybersecurity vulnerabilities. Australian PM Scott Morrison recently announced that he believed the surge in attacks was linked to a “state-based actor”, a vague reference that experts believe could refer to China, Russia, or North Korea. To prevent future attacks, the Australian government recommends the use of two-factor authentication and prompt patching of any operating systems and programs that connect to the internet.
The UK is also dealing with a surge in cyberattacks. Recent statistics show that phishing is the most common cyber threat in the UK. Ransomware attacks are down across the nation but businesses should be warned that dealing with the aftereffects of a ransomware attack is more expensive in the UK than other nations. What’s more, nearly one in three cybercrime insurance policies in the UK don’t cover ransomware attacks. At the same time the UK, along with the United States and Canada, have accused a Russian-based hacking group known as APT29 of being responsible for a rise in attacks on government and diplomatic institutions, think tanks, healthcare organizations, and energy companies. While Russia has vigorously denied the charges, it can be said for certain that attacks on the above-mentioned entities are on the rise across the world. Financial institutions are also facing an unprecedented 238% rise in cyberattacks such as social engineering attacks, island-hopping attacks, ransomware, and other forms of malware.
Myles Keough, CEO of IT managed service Spade Technology in Massachusetts in the US, aptly notes that many companies both in the United States and abroad traded in cybersecurity for convenience as they rushed to tweak corporate IT set-ups to allow employees to work from home during the economic lockdowns. The rush to create a workable set-up that would allow staff members to do their jobs from home has weakened corporate infrastructure, making it possible for cybercriminals to exploit new vulnerabilities and gain access to previously inaccessible corporate data. Email phishing and remote desktop protocol port scanning are on the rise in the United States. Ransomware attacks have risen by 109% In the United States in the first half of the year even though these attacks have only risen by 20% in other parts of the world. Moreover, as Keough points out, it typically takes over one hundred days to detect a data breach. This means that, as bad as the current cybercrime statistics are, there are likely plenty of ongoing attacks the victims don’t even know about yet.
While cyberattacks are becoming increasingly complex, the solutions to many of these attacks are quite simple. The FBI recommends that companies choose software vendors with care, use passwords to protect teleconference and video calls, install software tools to block phishing emails, verify website addresses sent via email or displayed on a pop-up, and double-check last-minute changes in wiring instructions and bank information. Furthermore, the agency warns that individuals should never share meeting links via unsecured methods such as open websites or social media profiles, open email attachments from unrecognized senders or enable remote desktop access functions unless absolutely necessary. Keough adds that many companies will likely rethink their cloud platforms and the allowance for using personal devices for work purposes in order to remedy corporate cybersecurity gaps. Other experts point out the important role employees play in helping to prevent cybercrime. Human error is the leading cause of data breaches, which is why business owners are advised to regularly remind their employees about the importance of following corporate cybersecurity guidelines, being mindful of email attacks and phishing scams, and reporting cybersecurity incidents as soon as possible.
Cyberattacks are on the rise all over the world as cybercriminals take advantage of hastily arranged COVID-19-related IT set-up changes to surreptitiously breach vulnerable targets. Even so, the exact type of attacks organizations and agencies face will depend on various factors such as industry and geographic location. Even so, every business owner should be aware of the growing threats and take measures to eradicate them. Using best cybersecurity procedures is a good start, as even simple measures such as two-factor authentication, updating software programs, and using passwords for video calls and teleconferencing can significantly improve a company’s cybersecurity standing. At the same time, hackers are becoming increasingly sophisticated and sensitive targets such as healthcare organizations, financial institutions, and government agencies will need to take sophisticated measures to prevent hacks that could cause untold harm to millions of people. While strong cybersecurity doesn’t come cheap, it’s far safer and more affordable than dealing with the disastrous aftermath of a malware attack or data breach.