Over the past year, entrepreneurs have focused on how to do business during the global COVID-19 pandemic. The public health crisis has been an opportunity for fraudsters and hackers, and the result has been an increase in losses (compared to the second-worst period on record) by over 50 percent. Let’s consider the situation, and how it is—unfortunately—getting worse.
Huge Business Losses
Due to cybercriminal efforts, hundreds of millions of dollars that should be available to businesses are not. Over the past year alone, almost two billion dollars have been stolen from businesses, as compared to $600 million in 2019… and that isn’t even taking the $380 million that firms have paid in response to ransomware attacks into consideration.
Hackers will commonly direct their attacks toward larger companies, often those in the financial services, energy, and manufacturing industry sectors. Why? Simple: these companies are often vulnerable, with larger losses from their downtime events.
Attacks Are Up
This year has been largely unprecedented, with huge numbers of people working from home. Unfortunately, many of these people are doing so without the requisite cybersecurity protections in place. As a result, cyberattacks are happening at a rate of approximately 4,000 each day… an increase of about 400 percent during the past year alone.
Adding to the cybercriminal’s list of attacks, the COVID-19 pandemic has given hackers increased opportunities to shape their attacks. Cybersecurity professionals are seeing a lot of attacks utilizing the current crisis to manipulate their targets, as well as focusing on the organizations dedicated to researching a COVID-19 vaccine.
In addition to the critical data these organizations hold, there is a lot of pressure to overwhelm these firms… which potentially leaves them more vulnerable to attack. Many cybercriminals have jumped on this opportunity, including one group known as APT29. APT29 has been identified by both the Federal Bureau of Investigation and Interpol as a particular threat, targeting research being conducted in the US, UK, and Canada.
Ransomware has also been on the rise as remote work has been more commonly implemented, as remote workers tend to be more vulnerable to these attacks. This, paired with the continued interest in recent coronavirus developments, have led to many successful strategies being deployed by cybercriminals. These strategies have included:
- Emails that claim to have information about COVID-19 vaccines and shortages of PPE.
- Messages claiming to be from the government about stimulus payments.
- Free downloads for video and audio conferencing solutions, a major communications strategy during the pandemic.
Hackers have also become cleverer in what their ransomware attacks do, with some directing the data to the hacker after a payment is made to decrypt it so that the owner must pay up twice.
How to Respond
For your business to survive this pandemic, you first need to be aware of how the situation has impacted the cybersecurity space and complicated matters. Three of the biggest challenges are as follows:
- Many businesses were not prepared to properly implement remote work before it was required for their business to function. This only increased the difficulties that these businesses faced.
- Due to this, many of the preventative measures and security monitors were traded off in favor of more efficient remote capabilities.
- Moreover, attackers are still using COVID-19 as bait to lure their targets into their schemes.
To counteract these issues, you need to take a holistic and inclusive approach to cybersecurity preparedness. Here are some elements you need to strongly consider:
- Training – Your team can either be your weakest point or your strongest asset, in terms of your security. Make sure they are educated about the different ways a cybercriminal can try to manipulate them, and what to keep a lookout for.
- Keep Backups – A comprehensive disaster recovery strategy, including a maintained offsite data backup, will help ensure your operations should an attack disrupt them.
- Patch Software – Software vulnerabilities can let in attacks, so make sure that all your solutions are fully updated and patched.
- Separate Home and Work – If a work profile is available on a device, use that functionality to avoid personal and professional data overlap and to better mitigate threats.
Protecting your business can be a challenge, but it isn’t one you need to face alone. For assistance, turn to the professionals at Hexafusion by calling 604-679-2223.