The outbreak of the novel COVID-19 virus has changed the way companies around the world run their operations. With the intervention of our ever-improving technology, we seem to have found our way around this paralyzing standstill. Many companies and organizations have quickly adapted and utilized strategies to keep their operations running without having to risk the health and safety of their workers. Most organizations require their employees to work from home, while they are connected to the regular network operations, using digital tools.
As health and safety remain a priority in the minds of organizations, and with the enforcement of social distancing rules, it’s quite easy to overlook cybersecurity threats. There’s no question that cyber-criminals around the world are capitalizing on the current crisis. While companies continue to receive several complaints about phishing attacks and ransomware from customers, businesses and large organizations remain the biggest targets and have more to lose in terms of their brand image, loss of confidence by customers, and exposure of confidential and important information.
For instance, the World Health Organization (W.H.O.) has reported that 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response. Historically, the issue of increased cybersecurity threats is not specific to the COVID-19 virus pandemic. Cybercriminals have always exploited global disasters and crises to their advantage. In Brazil, criminals seeking to capitalize on fears surrounding the Zika virus organized a malicious spam campaign in 2016.
With economies and business organizations around the world already taking severe hits from the pandemic, it’s only necessary that they protect their interests from cyber-threats that can cause further damage. The global economy is at risk under the current global pandemic. Are hackers, cybercriminals and fraudsters trying to take advantage of the chaos?
Relationship Between Global Crises and Cybersecurity Threats
Opportunism is a core human nature. Hackers are taking advantage of the pandemic situation to spread false news embedded in links that could potentially expose companies’ data to cyber-attacks. The proliferation of false information with the sole intention of misleading people into making wrong decisions can wreak havoc on organizations.
Companies and organizations are expected to protect not only themselves but their employees and customers from potential threats. In the Brazilian case, cybercriminals used the Zika virus to spread malware by impersonating Saúde Curiosa (Curious Health), a health and wellness website.
When a potential victim clicks the link attached to the email, it leads to a shortened URL link which is then redirected to a Dropbox, where the Trojan virus JS. Downloader, known to download malicious files from the web and execute them on an infected PC, lies in wait.
As organizations now utilize online and digital tools to sustain operations, cybercriminals are more alert and quickly recognize these wide-spread disruptions and capitalize on them. It’s become inevitable for businesses and organizations to fully or partially transition into remote working via teleconferencing and email as the primary tool of communication. The risk of cybersecurity threats has also increased exponentially.
Older outbreaks such as the Spanish Flu, Smallpox, and the Bubonic plague had less global impact compared to the recent crises due to lack of the uncommon sophistication trade practices and globalization characteristic of the current reality. But it killed several million. The Ebola outbreak, for instance, had several cybersecurity threats related to it, leading to losses close to $53 billion in both social and economic losses in West Africa alone.
How Has the COVID-19 Virus Affected Businesses and Organizations?
If we are to understand the extent of damage that the pandemic has wreaked on economies and financial performances of organizations, perhaps we would realize how vulnerable we are to further damage resulting from cybersecurity threats. Our knowledge of the wreck that this virus has left in its wake will put the point in a clearer perspective that this is when organizations ought to be warier of cybersecurity threats.
Apart from falling oil price caused by the lockdown and thus, lower demand, and a slump in Dow Jones Industrial Average and global shares in general (in fact, the Dow and the FTSE saw their biggest quarterly drops in the first 3 months of the year since 1987), other effects of the pandemic on financial performances include an increase in unemployment rates, risk of recession and unsurprisingly a mass tilt towards technology.
We’ve mentioned this point earlier that organizations and businesses under government orders have required that their operations be conducted offsite and remotely. More than ever, there’s a reliance on digital tools and platforms. This has led to an increase in shares held by tech companies such as Zoom and similar platforms since people now use video conference calls and email to hold meetings or get tasks done unlike before when this technology was an afterthought or used when distance makes physical meetings impossible.
The Cybersecurity Threats Associated with COVID-19
Unfortunately, the increased reliance on digital tools and networks to facilitate operations and as a source of information for people in the lockdown has created a situation for cyberattackers to launch their assault. Below are the cybersecurity threats on the increase; which organizations must watch out for:
Phishing was one of the major cybersecurity threats prior to the COVID-19 virus pandemic. However, with the increased activity of email exchanges due to remote work, there’s been an alarming rise in phishing attacks. This abrupt shift is likely to confuse staff when detecting what email message is or isn’t a fraud. Cyberattackers use knowledge about COVID-19, and general uncertainty to carry out phishing attacks. Apart from email phishing, there are also SMS phishing, and credential thefts.
The sphere of the attack will spread as more companies order their employees to work away from the workplace at their homes, without the same network security equipment or infrastructure. Malicious hackers have exploited opportunities to spread malware like phishing for the sole purpose of spreading malware. With the increased anxieties surrounding COVID-19, it’s become easy for these attackers to infect computers with malware.
There was a confirmed record that a Johns Hopkins University-produced interactive dashboard of COVID-19 infections and deaths is being used in malicious websites (and likely spam emails) to spread password-stealing malware.
Other popular strategies that cyber-attackers use to deploy malware include supposed phishing emails from various government health ministries or the World Health Organization, selecting phony customer advisories, then pretending to provide customers with updates, tax rebates, informing the receivers to visit a fake website, thereby obtaining financial and tax details, etc.
An increasing number of companies and organizations continue to implement the work- from- home policies in a concerted attempt to manage and slow the spread of the COVID-19 pandemic. Citizens, consumers, and workers now rely more on digital resources to obtain regular updates about the progression and development of the virus.
Although this is an inevitable change in the wake of a pandemic, allowing remote employees to continue the business operations can be potentially dangerous without the same network security equipment or infrastructure usually in place at their new workplace, that is, their homes.
RSI Security’s team of cybersecurity professionals will walk you through several ways of protecting your employees, customers, and organization as a whole from cybersecurity threats in this challenging period. Our comprehensive analysis of the risks that vulnerabilities pose allows your organization to develop a robust, formal threat and vulnerability management program that reduces the potential impact on all your critical applications and networks. Contact us now to enjoy our amazing threat and vulnerability management services.