The COVID-19 pandemic has encompassed and disrupted all facets of our lives for nearly a year. Since March 2020, we have seen people work around the clock to protect themselves, their families, and their businesses from the impacts of the pandemic. While the implementation of mask mandates and social distancing alleviated the rise of COVID-19 cases, it did not protect against the coinciding spike in cybercrime.
Today, we are faced with both physical and online viruses. The COVID-19 pandemic initiated a correlated rise in cybercrime, as cybercriminals took advantage of the pandemic to infiltrate users’ security and privacy. Cyberattacks — such as phishing, malspam, ransomware, and business e-mail compromise — have become increasingly more common and effective with users’ newfound state of fear and uncertainty surrounding the ongoing pandemic. Similar to the pandemic, there is not a clear end in sight for the spike in cybercrime. INTERPOL projections state there will even be a further increase in cybercrime in the near future. Therefore, understanding evolving cyber threats is crucial to conducting and protecting our businesses.
COVID-19 & Cybercrime
The COVID-19 pandemic has caused fear, uncertainty, and doubt among all of us. Cybercriminals have used the rise in uncertainty to their advantage. At the beginning of the pandemic, cybercriminals would utilize COVID-19 phishing scams to get recipients to open malicious links or download attachments - resulting in data breaches and/or malware installed on users’ devices. Since the COVID-19 lockdown was introduced in March of last year, cybercrime has increased by 63%, according to a report by Human Element of Cybersecurity. This spike in phishing, malspam, and ransomware attacks have been directly related to the pandemic. INTERPOL Secretary General Jürgen Stock remarked, “Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”
The intensification of cybercrime in correlation to the pandemic is largely due to the increased vulnerability of employees working from home. Without ensured cyberdefenses, employees are more vulnerable to cybercrime than they would be if they were in an office. E-mail compromise, where cybercriminals use phishing or malspam to trick the recipient into revealing personal data, has become increasingly more common with the pandemic. Cybercriminals can also compromise emails by sending malicious domains, such as fake Zoom invites, third-party payment confirmations, or even employee surveys. A report from INTERPOL shows a 569% increase in malicious registrations from February to March of 2020. In the age of working from home, cybercrimes pose a severe threat to employees’ cyber security.
Who is Being Targeted?
Both businesses and their employees are being targeted by cybercriminals. According to Cybersecurity Ventures, cybercrime will inflict $6 trillion USD in damages in the United States by the end of 2021. Cybercrime Magazine list of damages include the damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
While large corporations are being affected by cybercrime - such as Honda’s ransomware attack in June of 2020 that forced global operations to be halted and Marriott’s data breach in February which affected 5.2 million customers - the U.S.’s 30 million small businesses are also inherently prone to cyberattacks. Unlike large enterprises, small businesses generally lack resources and/or knowledge to prevent a cyber attack. According to Cybercrime Magazine, “more than half of all cyberattacks are committed against small-to-midsize businesses.” Beyond compromising the reputation of the business and the trust of their customers, a single data breach could cost a small business up to $3.62 million dollars.
Targeting small businesses through their employees has been an effective strategy for cybercriminals. Employees can be responsible for damage by falling for phishing scams, opening infected email attachments, using public Wi-Fi connections, or accessing compromised 3rd party applications. As an organization’s first line of defense, it is up to employees to see through the cybercriminal’s ploy. According to a recent report, 80% of businesses have seen an “increased cybersecurity risk caused by a human factor.” Cybercriminals are enabled by human error, which aids in their success. With more employees working from home, the opportunity for cybercrime has sky-rocketed.
The Risks of Cybercrime at Work
The ongoing pandemic has shifted to more people working from home than ever before. According to Upwork, the remote workforce has increased by 87% from the previous year. At the end of 2020, 41.8% of the American workforce was still working remotely, and an estimated 26.7% will continue working from home through 2021.
With the transition to a remote workforce, employees access their daily work through either their personal home network or a Virtual Private Network (VPN), provided by their company. VPNs provide an extra layer of security for users by protecting their IP address, location, passwords, and data from potential hackers. A VPN maintains an aspect of centralized security, even when employees are not in the office. Consequently, employees using their home network rather than a VPN are subject to a higher risk of cyber attacks. According to the Work-from-Home Cybersecurity Threat Index, 56% of employees are using their personal computer/network at home, and 25% of remote employees don’t know what security protocols are in place on their devices. With a lack of central security, businesses are open to new threats that directly target their remote workforce.
What You Can Do To Protect Against Cybercrime
Since 2018, Blue Signal has kept an eye on cybersecurity threats and has learned the most effective preventative measures to protect your business against cybercrime. If your employees are remote, make sure their network is secure. Use a VPN, and/or provide company devices with cybersecurity software downloaded to enhance security. Additionally, you can implement cybersecurity training for your employees. Having a company-wide presentation on cybersecurity is a great way to ensure all employees are trained and aware of common threats. When employees see that their actions (or lack of) can directly impact their job, they are more likely to be on alert for cybercrime. Lastly, you can hire a cybersecurity professional that is certified in information systems security and/or cloud security to protect your IT infrastructure and network. Having a professional in-house can act as an insurance policy against cybercrime, preventing the problem before it costs you millions.
As an employee, the Cybercrime Security & Infrastructure Agency (CISA) advises to avoid clicking links in unsolicited emails and to be wary of email attachments. Similarly, don’t fall victim to the common threat of disclosing personal or financial information in an email - your boss is not asking you to buy gift cards or run an urgent errand from a “personal” email address. Finally, make sure you are using trusted sources. A simple click on the wrong link or replying with too much information may result in a data breach. Staying informed on cybersecurity protocols and common phishing scams can protect you and your company.
It’s important to start 2021 off strong by avoiding viruses - both physical and online. By leveraging the information above and the resources below, you can increase your personal and business’ cyber security. It’s always better to be proactive when it comes to viruses - like a mask for your data, make sure you have security standards in place for your business. As a partner in the cybersecurity vertical, you can trust Blue Signal to find top-tier cybersecurity talent and facilitate your security and privacy strategies. We have knowledge in the space and understand the issues facing these IT security professionals today, giving you the advantage to get ahead of cybercrime.
Center for Internet Security (CIS) Resource Guide for Cybersecurity
Cybersecurity & Infrastructure Security Agency’s Defending Against COVID-19 Cyber Scams
National Cybersecurity Alliance’s COVID-19 Security Resource Library
Cybercrime Magazine’s 2020 Official Annual Cybercrime Report
Cybercrime Magazine’s Cybercrime & Cybersecurity Infographics
MIT - How to Think About Cybersecurity in the era of COVID-19
Blue Signal Search - Cybersecurity and the Rising Cost of Crime