Fear and urgency is easily the slippery slope of human vulnerability, and the pandemic has shown us just how powerful of exploitation it can be when it comes to cybersecurity. Inevitability and things eventually going wrong are deeply seeded in nature, and this rings true for both the pandemic and incidents of cyberattacks amidst it. Earlier this year, WHO reported a fivefold increase in cyber attacks since pandemic started and urges complete vigilance from the public.
Within our own means, we are aware of cyberthreats that exist – its types, its modus operandi – and we prepare ourselves in absolute scrutiny via security plans to avoid our businesses’ downfall to these threats. But what if we’re bound in uncertain circumstances beyond our control? Which is why more than ever, cybersecurity remains a constant – something we need to learn, unlearn, and relearn in a post-pandemic world.
The pandemic effect on cybersecurity
Deloitte summarised the different ways in which cybersecurity is impacted by the pandemic, which is rightfully reflected in current times. The fight against COVID-19 and its repercussions is a joint effort, and organisations will need to rethink their cyber risk management measures to prepare for the incoming norm after the crisis.
As remote working becomes the new reality of most businesses globally, large corporations, as well as small and medium enterprises (SMEs), are quickly adapting their critical processes to fit the new normal. The complete paradigm shift to WFH brings out a new concern: the security of remote workspaces and devices are almost always second to undisrupted service delivery, so it’s likely that employees working from home are barely protected by consumer-oriented solutions.
Fearware: An Exploitation of Pandemic Panic
Cybersecurity specialists have shed light on “fearware”: a new trend of cyberthreat that aims to deceive in times of global uncertainty, making anyone an easy victim. Indeed, to err is human – making it cybersecurity’s easiest fallibility. But the human barrier becomes even weaker when emotions are at play – and fearware exploits exactly that, joining forces with the existing lineup of online nasties.
Countless cyberthreats have revolved themselves around the theme of Covid-19 and the pandemic, ranging from malicious domains to scam emails. Playing on a person’s fear and urgency of personal health and safety is the sweet spot for these attacks to be successful.
- Malware via interactive websites
With widespread global communication being vital to curb the virus, cybercriminals are also hopping on it to masquerade their attacks. This includes malware-embedded interactive Covid-19 maps and websites, trojans and spyware, as well as spam emails with ‘impactful’ clickbait links (e.g. Covid-19 vaccine found… CLICK HERE!).
- Malicious domains
While some are legit, cybercriminals are getting crafty with thousands of new sites daily to execute spam and phishing attacks, as well as spreading malware. Registered domains may contain terms such as “coronavirus”, “corona-virus”, “covid19” and “covid-19” in the disguise of being informative.
Exploitation can extend to the most immoral act, and cybercriminals could care less. Hospitals and public health institutions have been targeted for ransomware attacks, and cybercriminals are confident that health officials cannot afford to be locked out of their systems due to the crisis and surrender to pay themselves back in. It’s also possible via compromised employee credentials or by exploiting a loophole in the system.
- WFH Cyber fraud
As working environments predominantly shift to remote spaces and devices, WFH fraud can likely happen. A further extension of spam emails and links, the simplest of cyberthreats now shapeshift into “from the boss” messages, emails, and phone calls made by cyber fraudsters masquerading as top management, often pushing employees to make immediate payments or bank transfers.
Mitigation and resilience for the next crisis
As the world shapeshifts into different currents, so will cybersecurity risks. For many enterprises who have fully accepted the remote working norm, it’s important to take these key actions on mitigating the evolving cyber risks that come with it:
- Ensure new remote working practices are secure
- Ascertain the sustainability of critical security functions
- Combat possible threats exploiting the current situation
The collective acceleration of enterprises into the cloud to facilitate remote workforces as well as provide agility and scalability will push security teams to function more effectively: from being risk mitigators for digital transformation to business enablers in a post-covid reality. Global pandemics and crises will actively be discussed in future plans of cyber risk management in organisations – as well as a rise in proactive cybersecurity.
Advancing ahead, some of the key questions organisations will need to consider to support business resilience in the face of crisis are:
- How do we ensure an undisrupted experience for customers?
- How effective is our critical data protection plan?
- Where are our critical assets and services placed?
- Who gets authority over our network and how will they access it?
- What controls should be updated and reoriented to function in a remote-working environment?
An end-to-end scrutiny of future security plans, however, boils down to this: the people themselves will remain as critical cyber defenders. Hence, the human barrier crucially needs a mindset shift to duel against cybersecurity challenges in a post-pandemic, digital world. It’s clear that cybersecurity comes hand-in-hand with digital transformation, and the Covid-19 global crisis has rightfully pushed the duo to become the main agenda moving forward for most enterprises.
Stay protected with IX
New techniques of cyberattacks spike as they are in the pandemic, and will continue to evolve after. Without advanced protection, you may put your organisation at a higher risk. Leveraging the powers of machine-driven analytics and automation, IX Telecom’s cybersecurity experts are committed to making borderless connectivity not only seamless but also safe and secure. Reach out to us today!