The COVID-19 pandemic posed challenges for global businesses, shifting work home and necessitating robust COVID-19 cybersecurity. Governments’ restrictions led to a significant remote workforce, highlighting the importance of COVID-19 cybersecurity. Technology’s role surged in personal and work lives, underscoring COVID-19 cybersecurity’s significance. However, the rapid shift lacked proportional COVID-19 cyber safety measures. Cybercriminals thus escalated attacks, demanding enhanced COVID-19 cybersecurity.
This article will discuss the impact of COVID-19 on cyber threats and how organizations should counter the new emerging threats raised during the pandemic.
THE INCREASED FOCUS ON CYBERSECURITY
The increased dependence on remote work calls for more focus on cybersecurity to counter the new security challenges and the risk of changing the working environment. Since the beginning of the Covid-19 pandemic, the world has witnessed a considerable increase in cyberattacks especially, phishing, fraudulent websites, and direct attacks on companies (e.g., attacking RDP and VPN providers, teleconference hijacking, and ransomware).
HACKING
Organizations reported increased hacking attempts during the pandemic, according to FBI, the number of cybersecurity complaints reached 4000 per day. This is a huge increase (about 400% increase from what they saw before the coronavirus pandemic). The Interpol also published a report about the increased cyberattacks against government entities, critical infrastructure, and big enterprises during the pandemic. Cybercriminals found the pandemic as an opportunity to increase their criminal activities by exploiting the vulnerabilities of remote employee’s devices (as individuals working remotely do not have the same level of security protection measures compared with a working environment), and playing on people interest for any news related to the coronavirus to lure them with phishing emails, and convince them to visit fraudulent websites that contain malicious computer code used to steal visitors login credentials.
VIDEOCONFERENCE HIJACKING
Another cyberthreat that evolved during the pandemic was attacking teleconference services such as Zoom. Due to the increased usage of teleworking activities, people become reliant on videoconferencing platforms to conduct meetings remotely, including conducting telehealth communications. The FBI has received multiple complaints regarding attacks against online video conferences with threatening language, pornography, or hate images.
The most notable example of attacking video conferencing services was the Zoom case. Security researchers consider Zoom application corrupted and suffer from many security flaws that enable hackers to intercept its video meetings. According to bleepingcomputer, over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. Zoom attacks were captured using credential stuffing attacks where adversaries try to login to Zoom using users’ accounts leaked in older data breaches.
DATA BREACHES
As more employees are working remotely, there was a significant increase in data breaches. For instance, disgruntled employees working from home are not subject to the same security controls imposed in the working environment. This increases their ability to conduct fraud and other malicious activities against their company.
Remote working employees are also more vulnerable to cyberattacks for many reasons. For example, employees’ computing devices lack the necessary technical controls compared with the devices existing in the working environment. Home Wi-Fi networks are also less secure and more vulnerable to attack than the connection available in the enterprise environment.
On the other hand, many small and medium sized organizations adopt ‘Bring Your Own Device’ (BYOD) approach, where employees bring their own computing devices (laptop, tablet, smartphone) and use them to access corporate data.
BYOD approach results in bringing insecure devices and attaching them to the corporate network. This brings severe threats to organizations’ files and data.
HUMAN ERRORS
The human factor was always considered the weakest element in any cybersecurity defense plan. Before the pandemic, human errors were considered a significant cybersecurity concern for organizations; however, this problem has become even bigger with the increased work from home mode.
While working from home, employees will be subject to interruption during work because of social visits, kids’ requirements, and other issues. These interruptions make them more careless and weaken their attention to cyber threats.
HOW EMPLOYEES AND ORGANIZATIONS CAN INCREASE CYBERSECURITY DURING THE ONGOING PANDEMIC?
Up to now, there is no sign that the Covid-19 pandemic is going to slow down; this means more employees are going to adopt work-from-home mode. To stay safe while using their computing devices remotely, employees should follow essential cybersecurity practices that help them to stay safe online
1.Install security solutions such as antivirus and antimalware programs and make sure to keep them up to date. There are also personal firewalls that can be installed on personal computers, Comodo Free Firewall is an example.
2.Educating employees about cyberthreats and how to counter them is consider a vital countermeasure to stop cyberattacks. For example, teaching employees how to send/receive encrypted emails is a great defense strategy against different cyberattacks. Understating how phishing emails look and how to check the authenticity of the sender’s address is essential to mitigate phishing attacks.
3.Employees should ensure that their home Wi-Fi network is configured correctly and does not suffer from any known security vulnerabilities.
4.Use a VPN. Any employee working from home must use a VPN service before accessing corporate files via the internet. VPN creates an encrypted tunnel between an end-user device and the web server, so all information exchanged through the VPN channel is fully encrypted.
5.Use a strong password to protect your RDP connection and other online accounts. For example, Brute-force attacks try to gain unauthorized access by guessing victim passwords. By using long and complex passwords, guessing them become extremely difficult and time-consuming.
6.Conduct vulnerability assessments: organizations should conduct regular vulnerability assessments to identify weak spots and work to fix them before exploiting them by threat actors.
Organizations should also consider security assessing employees’ personal devices if they are allowed to work from home and have access to organization files and data.
7.Organizations should keep their business continuity plans up to date and prepare for any cyber attack scenario to prevent ceasing their work.
8.Adopting new technologies and tools such as host checking, which works by checking the connected devices’ security status before granting them access to corporate systems.
9.Last but not least: Organizations should conduct different cyberattack simulations to remain prepared for any sudden cyberattacks.
SUMMARY
Cybersecurity remains a top concern for any organization utilizing computer systems to do its work in today’s information age. However, cybersecurity has gained more attention because of the evolved cyber threats during the pandemic. To stay one step ahead against cybercriminals, organizations should adopt proactive measures to counter cyberattacks.
CITATION
Khera, V., 2021. The COVID-19 effects on cybersecurity. [online] Linkedin.com. Available at: https://www.linkedin.com/pulse/covid-19-effects-cybersecurity-dr-varin-khera/ [Accessed 30 June 2021].
Connect with us today at www.cloudsecasia.com to safeguard your organization against cyber threats.
We are your premier cybersecurity solution and consulting provider in the APAC region