Do you know the need for cybersecurity training for your organization? If not, learn more about the importance!
By Susan Alexandra, Contributing Writer
Cyber-attacks, malicious activity, and phishing scams have significantly increased during this pandemic of COVID-19. With that, it has highlighted the importance of cybersecurity more than ever before. There have been reports of hackers and cybercriminals exploiting the pandemic with fake websites, money scams, and emails being phishing scams.
So, we thought of spreading awareness about cybersecurity. That being said, here are some areas for you to consider within your personal and organizational cybersecurity.
Phishing and the COVID-19 Pandemic
As the public seeks details on the global pandemic, coronavirus phishing attacks have targeted recent trends in news and statements released by governments.
As a result of coronavirus-related phishing attacks, the National Fraud Intelligence Bureau (NFIB) reported a 400% rise in scams.
Recent campaigns have also seen cybercrimes build emails masquerading and fake websites as official authorities, like the HMRC and World Health Organization, to compromise accounts, steal personal information, and hack malicious apps.
The most common scams are those which claim to share tips about how to prevent infection, access to personal protective equipment, provide financial support advice, and offer updates about virus spread.
According to a study, the click rate for phishing attacks has increased from less than 5% to more than 40% for COVID-19 scams. This number was increased significantly by provoking fear and curiosity amongst individuals.
Remote Work Vulnerabilities
Work from home has now become the new standard; however, there is a rise in threats for several businesses. Around 95 percent of Cybersecurity professionals claim they face additional challenges, with new remote work demands and increased threats.
The sudden change in circumstances has changed the way employees access business applications and increased the potential of future attacks.
To steal sensitive information, hackers exploit several vulnerabilities in unsecured Wi-Fi and to take advantage of workplace disruption.To stay safe from such exploitation, you must download VPN to keep your sensitive information safe.
With some workers forced to use personal devices for work tasks, the risk of malware finding its way on devices has also increased, resulting in personal and work-related information being compromised.
These devices also lack the resources built into corporate networks, including custom firewalls, corporate antivirus software, and online backup resources. The use of personal computers offers hackers many chances to exploit.
Some organizations are also urging their staff to turn off voice assistants and smart speakers like Apple HomePod, Amazon Echo, and Google Home devices to prevent fraudsters from listening to confidential conversations and conference calls.
The Northeastern University study shows that smart speakers accidentally activate as many as 19 times a day, recording as much as 43 seconds of audio each time. The latest research also shows that 59 percent of smart speaker consumers have concerns about privacy, with front and center undesirable listening and data collection.
Even in regular times, remote working can make people vulnerable to attacks. The current environment, however, has created the perfect storm where spammers, hackers, and scammers will thrive.
Zscaler researchers say they have seen a 15% -20% increase in hacking incidents every month since January, and a rise in hacking threats using terms like “Covid-19” or “coronavirus.”
Video Conferencing and COVID-19
Just like any other technology, video conferencing is also at risk for the privacy and security of personal information if not appropriately handled. With organizations and individuals increasingly relying on video conferencing, hackers have been targeting the opportunity quickly.
As a result, fraudsters and cybercriminals have managed to enter video conferencing calls as well as eavesdropping on private conversations, hijacked screen controls, and launched many malicious attacks.
Security issues were posed earlier this year when a UK cabinet meeting’s Zoom ID was posted in a social media post. Some of the cabinet ministers’ usernames were also identified along with the ID, which allowed hackers to access the private meeting.
The Washington Post also revealed that thousands of Zoom meetings can be accessed online, including financial meetings, counseling sessions, school classes, and telehealth calls that exposed children’s faces and other details.
While most applications for video conferencing have controls that can be programmed to minimize these hazards, it also poses a variety of additional dangers, such as having sensitive data displayed in the background of the video or unintentionally displaying confidential information on the screen. With saying that, user education is essential for raising awareness about the risks of video conferencing and how to alleviate them.
Combatting Business Email Compromise During a Crisis
With the significant increase in coronavirus-related phishing attacks around the world, business email compromise attacks are now considered one of the biggest threats facing organizations.
BEC attacks are expected to double each year to over $5 billion by 2023, according to Gartner, leading to major financial losses for companies by 2023.
Though relatively easy to execute and low-tech, these sophisticated scams not only cause devastating financial losses but also affect organizational integrity, relationships, and the trust of stakeholders.
A study took place in February, and according to that, BEC attacks increased by nearly 25 percent, ranging from fake invoices to CEO frauds and compromising employee email accounts. To further leverage Covid-19 fears, fraudsters have been cashing in by asking companies to contribute to bogus charities and invoicing for cleaning products and PPE.
Fraudsters and hackers are continually changing their strategies to take advantage of new circumstances, and this pandemic is no exception. When cybercriminals increase their efforts, knowledge of these emerging threats and tactics becomes the most effective tool against them.
Scammers will be swift to take advantage of any security lapses, and organizations should continue to empower and educate staff to remain vigilant. Cybersecurity is the responsibility of all, and creating a culture of cyber awareness with so many potential attack points is the key to improving security.
About the Author
Susan Alexandra is an independent contributing author at SecurityToday and Tripwire. She is a small business owner, traveler, and investor in cryptocurrencies.