The pandemic has undoubtedly ushered in a new wave of appreciation for remote work for numerous companies attempting to stay afloat and maintain business operations during these rough times. The truth of the matter is that working from home has turned out to be the new normal. In fact, a recent Pew Research Center report based off of data compiled by the Bureau of Labor Statistics found that prior to the pandemic, just 7% of individuals worked with a company which offered a flexible work option such as remote work. Fast forward to a few months into the pandemic and a whopping 64% of individuals are currently working from home.
However, the recent expansion of remote work opportunities has given rise to an increase in cyber threats and attacks, specifically those targeting businesses and playing off of the pandemic. If you’re interested in learning more about the state of cybersecurity during COVID-19, as well as the various steps you can take in order to protect your company from cyber attacks during this time, then this article is just for you.
COVID-19 Cybersecurity: A Rising Threat
The data is in and the numbers don’t lie. The shift towards remote work has resulted in a marked increase in cybersecurity threats, especially those relating to the coronavirus. You see, attackers have found an opportunity in this pandemic — the opportunity to exploit our fears and voracious desire for information. There’s no denying that our access to information becomes greater with every passing day. However, with this comes a sensory overload of sorts; an influx of conflicting, misleading, and blatantly inaccurate information all jumbled in together with nuggets of truth. This leaves us desperate for answers — and desperation is something which hackers are well adapt at exploiting.
In a recent interview with the Wall Street Journal, Sherrod DeGrippo, senior director of threat research and detection for Proofpoint, noted that the instance of malicious emails, specifically those mentioning the coronavirus have “increased significantly”. A few months into the pandemic, the World Health Organization reported a “fivefold increase” in cyber attacks directed at its employees. In one notable instance, approximately 450 employee email addresses and passwords were leaked online. The attack also targeted “thousands belonging to others working on the novel coronavirus response”. This led the organization to publicly address the rise in cyber attacks and to warn the public to “remain vigilant”.
Even Google has officially weighed in on the state of affairs by releasing information about their recent attempts to combat pandemic-related cybersecurity threats. According to the tech giant, Gmail is getting hit with a whopping 18 million hoax emails regarding the pandemic every single day. The company also recently reported that there has been an “explosion of phishing attacks” and that they have been consistently blocking over 100 million emails as such per day. Google furthermore stated that the virus could quite possibly be the “biggest phishing topic ever”. That’s right, folks. Ever. Keep in mind that these numbers are in addition to the 240 million spam messages relating to COVID-19 that are received on a daily basis.
To make matters worse, attackers are becoming increasingly more savvy. We’re not talking your average, run-of-the-mill advance-fee or Nigerian prince scams. Hackers have taken a much more sophisticated approach lately. For example, people are receiving emails which appear to be from business partners or institutions or even those which are altered to look like a company purchase order for PPE requesting payment or personal information. Many of these emails often impersonate authoritative or government agencies such as the World Health Organization or the Center for Disease Control and Prevention.
Okay, so there’s been a surge in remote work. It’s only natural to assume then that there would also be a surge in cyber security stocks due to a higher demand for computer security products, right? Believe it or not, many cyber security companies are actually underperforming due to the fact that the weakened economy is causing businesses to tighten their purse strings. This is especially the case for companies in hard-hit industries.
We understand that times are hard and budgets are tight, but we cannot emphasize enough the importance of prioritizing security. This is especially the case during the pandemic where there has been an increasing reliance on cloud-based apps and remote access to company systems. If anything, now is the time to ramp up security and ensure that your company is doing all that it can to protect the business, your employees, and your customers. Now more than ever people are looking to you to see how you weather the storm. Be an example and don’t throw caution to the wind.
Coming up with a Game Plan
Do you have a strategy for improving cyber security during the pandemic? If not, take a page out of PricewaterhouseCoopers’ cybersecurity team’s playbook and follow this 7-step approach:
- Create a response plan. If you haven’t already done so, take the time to create an official response plan or improve upon your existing one. This also includes identifying key players in the process, especially those involved in communicating with “stakeholders…customers and the media”.
- Beef up on security. Leverage various security software solutions which can help you remain proactive in your defense by identifying and mitigating risks before they become an issue.
- Remote access management policy and procedures. Have you established and/or implemented a policy and set of protocols when it comes to remote access to organizational systems? PwC’s cyber experts suggest multifactor authentication, limits on RDP access, extra scrutiny of remote network connections, and IP address whitelisting.
- Device protection. Are your devices adequately protected against threats such as malware? Is everything up-to-date? Are there any vulnerabilities or opportunities for improvement?
- Make sure your supplier portals are secure. PwC’s experts suggest both mutlifactor authentication as well as risk-based authentication, especially when it comes to applications which give suppliers access to important information or the ability to make significant changes that could potentially have an impact on financials.
- Fortify processes related to financial transactions. This may mean implementing a protocol which requires phone or email confirmations regarding payments and/or change requests.
- Teamwork. Two heads are better than one, or in this case, interdepartmental coordination of efforts is key. This includes working with risk and fraud management teams in order to help improve cyber security processes and responses.
Knowledge is Power
When PwC conducted a simulated phishing attack on companies, they found that a whopping 70% of phishing emails were able to be effectively delivered to their targets and that as much as 7% of individuals who received these emails ended up clicking on a dangerous link. Now, 7% may not seem like a lot, but when you put things into perspective, the truth of the matter remains that all it takes is one individual to click on one link in order for your company’s entire system as well as all of it’s employees and customers to be compromised.
We cannot emphasize enough how important it is to ensure that your employees are well educated and trained when it comes to identifying, handling, and reporting potential cyber threats and suspicious activity. It’s not enough for employees to simply have a general awareness of the state of affairs and to be told to remain on the lookout. In order to truly be effective, take the time to educate and train employees in a formal setting. This may mean holding a meeting or inviting an expert to conduct an awareness and/or training session. In the event that a significant portion of your company’s staff is working remotely, this can be accomplished via video conferencing or by taking an online course.
COVID-19 has ushered in a new wave of remote work opportunities which many companies are using in order to maintain business operation during the pandemic. However, the expansion of telework has left many companies wide open and vulnerable to cyber attacks. Perhaps the most important advice you can take away from this article is to continue to put cyber security first. Many businesses are operating in uncharted territory and as a result, now more than ever they are increasingly susceptible to threats and attacks.
However, with that being said, there is at least one positive we can take away from the current state of affairs, and that is knowledge. We’re talking a knowledge of trends, a knowledge of patterns, a knowledge of ploys and tactics. We know that attackers are feeding off of emotions and exploiting fears relating to the pandemic. We know that now more than ever we must remain vigilant and continue to prioritize security. They may understand and exploit our weaknesses, but the more we learn about their strategies, the more we understand theirs. Prioritizing security, creating a strong defense, and having a response plan in place are essential components to effectively mitigating the risk of cyber attacks, but so to is providing your employees with the proper knowledge, education, and training so that they are able to handle what comes their way. Remember, your employees are your company’s frontline of defense — are you doing your part to ensure they’re well equipped for battle?
Have you taken any steps to ramp up security during the pandemic? Do you have any tips you’d like to share? Let us know in the comments below!