There is nothing ordinary about the amount of disruption that will impact our lives moving forward as countries and states reopen following the coronavirus pandemic. In the context of the cloud, disruptions caused by COVID-19 have opened the door to another type of virus: cybersecurity threats. Today we are witnessing a rapid rise of opportunistic cybercriminal activity taking advantage of the chaos created by COVID-19.
Focal concerns about economic recovery and a potential second wave of human infection are abounding. Still, the concern for many companies should also include heightened cybersecurity threats that can easily break companies before they have a chance to relaunch. For the many companies that are already fighting to remain afloat due to challenges faced during COVID-19, a cybersecurity breach could quickly mean the end. As businesses navigate this “new normal,” they must address weaknesses in their IT strategies exposed by COVID-19 and consider implementing a better preparedness plan to avoid long-term damage.
New Workforce Scenarios Expose Gaps
Remote work has hastily spread everywhere, making IT departments justifiably cautious, even scared, as their users work in new environments with new tools including:
- Video Conferences
- File Sharing
- Virtual Desktops
- Group Chat
- Web-Based Applications and Tools
Incorrect use or misconfigurations create new cyberthreat opportunities to lurking bad actors. A missed certificate, a wrong setting, insufficient management, or unmanaged user training are all open windows for cybercriminals to sneak through.
Rapid Rise Of Major Security Incidents During the COVID-19 Crisis
The pace of major security incidents will continue to increase in the near future. While not uncommon, an increased frequency of ransomware, breaches, and exploits could be a harbinger of things to come. The month of May, for example, saw a staggering number of security breach reports:
A significant data breach at UK airline EasyJet led to the loss of information on more than nine million customers to “highly sophisticated” hackers, including credit card details of more than 2,000 customers.
The FBI issued a warning about a credit card skimming exploit that takes advantage of a plugin in the thoroughly used e-commerce platform Magento. As many as 1,700 sites may have been affected.
Bank of America reported an application data leak on a test server associated with customer Paycheck Protection Program (PPP) loans.
A report focused on small businesses (SMB) showed how they are facing the same spectrum of security and attack threats as large companies. News of remote takeover vulnerabilities on network-attached storage (NAS) devices to emerging ransomware infections amplify these concerns, with as many as half of all cyberattacks targeting small businesses.
An Age of Scams
Uncertainty, particularly in the early days of the pandemic, has resulted in a media blitz and information overload. Unfortunately, with too much information out there, misinformation, distrust and additional openings are ripe realities for cybercriminals to explore and leverage digital scams, such as:
- COVID-19 and Health Scams
- Unemployment Scams
- Stimulus Fund Scams
- Government Business Loan Scams
- Lawsuit Scams
- Fake Mask Scams
Uncertain Times Produce Organizational Threats
The managed chaos of cyber-threats is an everyday reality, but in times of challenge, chaos escalates exponentially. Scammers scale up attacks such as phishing, hoping to trick employees into releasing or transferring funds, improperly changing bank routing information, and installing malicious software. They try to get employees to give up credentials, click on ransomware in emails and more. Hackers know that users are prone to using the same password across multiple logins, which could also lead to breaches across other platforms.
This novel climate is a perfect storm for cybercrime activity. Post-COVID-19, businesses cannot afford to be compromised in this fragile world where any resource can serve as an attack source. If there was ever a time for hackers to open their cybercrime toolbox, the time is now. Please stay safe by exercising proper online security hygiene. If you are not sure, or if this is not your company’s competence, this is the time to ask for help from experts.