The COVID-19 pandemic caught everybody unawares. Several businesses were forced to scale down operations or shut down altogether. Those that managed to maintain some semblance of normalcy had to make several rapid, unfamiliar changes, especially on the digital front.
To ensure business continuity, most organizations implemented new operating models and deployed several technologies without proper planning. Some of these changes resulted in increased risk levels by broadening attack surfaces.
COVID-19 and Increased Cyber Attacks
According to a recent study by Tanium, over 90% of organizations globally experienced an increase in cyberattacks and attempted breaches due to the Coronavirus pandemic. In the first quarter of 2020 alone, the FBI's Internet Crime Complaint Center (IC3) recorded a spike in daily cybercrime reports from 1,000 to 4,000. This trend is likely to continue even beyond 2021, and here's why:
More Remote Workers Means A Broader Attack Surface
To sustain normal operations without contradicting the government's social distancing requirements, businesses allowed most of their staff to operate from home. This means that employees have had to carry corporate gadgets to less secure home-office environments. With several devices connecting to your organization's network from multiple locations miles away, it's almost impossible to monitor all of them and prevent unauthorized access. Besides, this broadens the playground for hackers, creating some 'hackers paradise.'
In some cases, businesses had to allow employees to use personal devices for remote work. These gadgets usually do not have the same cybersecurity features as your corporate devices, making them far easier to compromise. Connecting them to your system, therefore, exposes you to more threats.
COVID-19 Forced Some Businesses To Scale Down Their Cybersecurity Strategies
The pandemic has lead to the scaling down of operations, and consequently, a reduction in revenue generation for almost every business. As a result, organizations had to cut down on costs in areas like cybersecurity that have no direct impact on production. This meant abandoning some plans meant to enhance your cybersecurity posture in 2021 and beyond, hence making you more vulnerable.
COVID-19 Came With More Phishing Opportunities
Scammers never waste crises. They always align their campaigns to take advantage of ongoing pandemics, and COVID-19 is not any different. Here are some common phishing scams during the Coronavirus period:
- Fake notices from health organizations: Hackers frequently fabricate messages from the CDC or state health departments pretending to educate your staff on keeping safe from COVID-19. A typical spam notice will have a malicious link or image that redirects your staff to a page that encrypts files or steals their logins.
- Fabricated office updates: Another common trick is fake notices from employers about updated procedures and policies to mitigate the COVID-19 risks.
- Appeals for help: Hackers may also send you phony messages asking you to help victims of the virus. Such spams solicit money from targets directly.
COVID-19 Forced Businesses To Make Rushed Changes
The COVID-19 pandemic caught everybody unawares. Therefore, businesses had to make several on-the-spot changes to survive. Most of the technologies were implemented in a rush without forecasting their ramifications. This resulted in half-baked operating models with several backdoors, leaving corporate networks more vulnerable to hacks.
How To Keep Your Company's Systems Safe
If there's a lesson you can draw from the COVID-19 pandemic and related cyberattacks, then it's that cybersecurity begins with the basics:
- Do not trust anyone: Always assume that you're the next target and everybody within or without your organization is a potential threat. Therefore, you should verify any user thoroughly before granting them access to your systems. Invest in the latest firewalls, effective password complexity and expiration protocols, and robust intrusion detection and prevention mechanisms.
- Regularly assess your systems: As more details continue to come out about the infamous SolarWinds cyberattack, it has now emerged that the hackers were in SolarWinds' systems more than nine months before the actual hack. And this is not a new thing; present-day bad cyber actors camp in victims' networks for months to learn their systems before launching an attack. Regularly assessing your network can help you identify and thwart potential threats before they become severe hacks.
- Train your staff on cybersecurity awareness: Employee negligence contributes to over 70% of cyberattacks. That's why it's essential to regularly train your employees on how to identify and avert threats and fast-response protocols in case of a breach. You might also want to launch occasional simulated attacks to gauge your staff's preparedness levels.
- Maintain reliable offline backups: Even as you proactively plan to avert breaches, you cannot overlook the possibility of an attack. Nobody is entirely safe. Having easy-to-retrieve offline backups can significantly reduce the impact of a breach since you'll have most of your critical files needed to sustain basic operations.
LeadingIT offers 24/7, all-inclusive, fast, and friendly technology and cybersecurity support for nonprofits, manufacturers, schools, accounting firms, religious organizations, government, and law offices with 10-200 employees across the Chicagoland area.