The first nationwide lockdown was implemented in Italy on 9th March 2020. The IT employee sitting in Buenos Aires could not have imagined a 234-day lockdown at that point. The United States of America could not have predicted the loss of 1.1 million lives over the couple of years that followed. The world of commerce was busy grappling with the second-largest global recession in recent history.
When the Covid-19 outbreak revealed its pandemic nature, cybersecurity did not get a front seat in the congregation of neo-normal priorities — at least not early enough.
In this post, we’ll analyze the impact of the Covid-19 pandemic on the cybercrime landscape, as well as the cyber security pandemic that came with it.
Breaking Down the Pandemic-Era Cybersecurity Crises
In retrospect, the challenges pertaining to cybersecurity during the pandemic can be attributed to three fairly simple, interrelated situations and a bunch of ensuing complexities.
- The rapid virtualization of workspaces
- The adoption of technologies that made it possible
- Stress, unrest, and anxiety
The Rapid Virtualization of Workspaces
Remote work comes with a lot of features – some are good for productivity and some are somewhat detrimental to business, especially for a company’s morale. We will not go into much detail about the pros and cons of remote work environments. We’ll just pick two areas that are the most relevant to our inquiry.
When businesses had to forego the luxury of physical meetings, they had to depend on platforms like Zoom to conduct virtual meetings, webinars, and conferences. Enter ‘Zoom-Bombers’ – hackers who brute force into your Zoom meeting to simply ruin it, or even worse, to steal sensitive information.
Globally, businesses have been quick to respond to the pandemic with bring-your-own-device (BYOD) policies. Among other things, it meant an employee was being granted access to enterprise data without the protection of enterprise-grade security. Mix that with human error and the rare but real cases where an employee nurtures malicious intent, and you get a deadly security threat.
Between February 2020 and May 2020, almost 500k people were affected by data breaches through video conference apps. Hackers used a process called credential stuffing to steal thousands of names, email addresses, passwords, and user IDs. They simply used previously stolen data to brute-force their way into accounts, banking on the human tendency to use the same credentials for multiple accounts.
The key issues at a glance
- Lack of supervision and technical control gave leeway to employees with malicious intent.
- The environment was perfect for cybercriminals to thrive – they knew that adequate measures were not being taken to secure the rapid digitization of business processes.
- Script kiddies (‘junior’ hackers with fewer technical skills) saw this as a great opportunity to hone their skills.
The Adoption of New Technologies
Businesses did not just have to find a way to have conferences, they had to improvise and find ways to somehow virtualize every aspect of a regular workday. They needed more powerful product management tools, more robust data management capabilities, and more efficient tools for seamless collaboration.
This meant two things:
- The business was now susceptible to vulnerabilities hosted by a very wide range of digital vendors.
- The employees, working from home, were often using applications and tools that were not even authorized by their companies to do company work.
It took companies a while to fully recuperate from the immediate cybersecurity crisis in the first half of 2020. Nearly 16% of respondents in a survey in Switzerland reported having experienced a cyberattack during the pandemic. In the first half of 2020, the UK lost 11 million pounds to cybercrimes that were directly related to Covid-19.
What would be the ideal response from enterprises?
- Regular security assessments are a must. If there are more ways in which vulnerabilities can creep in, you need more frequent tests to ensure they don’t.
- Businesses need proactive cyber threat intelligence. They need to identify the attack surfaces and prioritize protection.
- Businesses need governance, risk, and compliance (GRC) solutions for better risk management.
- It’s a good idea to have cyber-crises simulations to prepare for an attack situation.
- Zero trust is the way to go. Companies should grant access to data and applications based on need and not by default. More importantly, the access must be taken back when it is no longer needed.
Before we go on and explore the final aspect of the relationship between the Covid-19 pandemic and cybersecurity, let’s go over some insights from a fascinating report published in the ISACA journal. Based on the report we can break down the actions of managers, employees, and cybercriminals into three phases.
During the initial days of the Coronavirus outbreak, the managers expected it to be a brief event.
Employees did not look at it as anything more than a break for their children from school.
Cybercriminals were keenly monitoring the increased usage of different kinds of websites, the way people were consuming information, and the rising angst about the situation.
Businesses started leaning into survival mode. Managers wanted to take care of the employees they depend on. They wanted to save resources and somehow outlast the crisis.
Employees, like their managers, started hoarding. The focus was on healthcare and taking care of close family members.
Cybercriminals saw an opportunity to exploit the changing habits, new priorities, and evolving business policies.
Managers, trying to grapple with the new realities of the workplace, maximized focus on regaining productivity and making the most of new technologies. Every business was in a hurry.
Employees started using personal devices and installed app after app to enhance their efficiency. Unregulated file transfers, unorthodox modes of communication, and uncontrolled access muddied the waters really fast.
Cybercriminals had a tailor-made situation. Lack of validation and weak security policies made both businesses and employees extremely vulnerable. They targeted specific industries like healthcare and government bodies.
Stress, Unrest, and Anxiety Play in Favor of Cybercriminals
Crime in general thrives on stress and anxiety among its victims, and cybercrime is no exception. According to a report published on 17th April 2020, Google had seen 18 million Covid-19-related email scams daily in the previous week. In another survey, 52% of the respondents expressed that they make more mistakes under stress. Add that psychosocial phenomenon to a Covid-stricken world of uncertainties, and you’ll see why 47% of tech employees clicked on phishing emails during work.
Hackers have made full use of the mass anxiety built around the pandemic. There were instances where scammers impersonated FTC operatives to steal bank account details through email promising the victims money from a Covid fund that was, obviously, fake.
There were fraudulent attempts to lure people in with antibody tests, personal protection kits, and other Covid-related scams. It was easy for the scammers and the hackers because people were anxious. Even a security-conscious individual under duress can click on a suspicious link that promises them crucial information about the pandemic.
Takeaways from the Cyber Security Pandemic
Calling the Covid-19 pandemic an unplanned disruption would be a grave understatement, but in essence that is what it was for most businesses. Few could have planned for a disaster of this scale. But a lot of businesses actually made it through with rapid adaptation and skillful improvisation. The whole experience came with a lot of lessons for the future.
- Business continuity plans are deemed more important now than ever
Business continuity plans refer to the strategies put in place to regroup resources and continue operations after an unplanned disruption. They may pertain to the virtualization of operations or to building security practices into the development cycles.
- Cybersecurity has to be proactive as opposed to being reactive
It starts with creating security policies that account for disasters. The employees of a company should be well aware of the policies and there should be ample protection against email fraud, phishing, and similar threat factors.
- Vulnerability assessment should be a regular affair
Point-in-time security tests are no longer enough to keep your security posture in constant check. Vulnerability assessment has to become a part of your software development lifecycle. Continuous vulnerability scanning combined with periodic penetration testing with the help of a reliable pentest provider can help you stay ahead of the changing cyber threat landscape.
- Incident response plans
Incident response strategies are super important. It is a good idea to organize bug bounties from time to time. Blue team operations can also be effective in preparing your business to prevent cyber attacks. But in the event of a breach, a solid incident response can be crucial.
- Endpoint protection
While hackers do not necessarily launch attacks through endpoints, they often use them to lay backdoors and wait for an opportunity to enter the IT infrastructure.
- Partner with a comprehensive pentest provider
You need a pentest provider that helps you keep a constant eye on your security posture, with a vulnerability management dashboard combined with the ability to collaborate with security experts. Partnering with a solid pentest provider makes it possible to build defenses against emerging threats.
We Have Come a Long Way
The days of the lockdowns were like a festival for hackers. In the pre-Covid era, 20% of malware was new, while in the Covid era 35% of malware was new.
At the same time, more and more cybersecurity solution providers have come forward to create awareness and build solutions for remote work environments. The overall effort put in by businesses to secure their digital fronts has also been quite impressive.
It all boils down to how fast you are adapting to the new conditions, and that is something the pandemic has taught us, in terms of security, business, and life.