In the past year since COVID-19 began, so much of our way of life has changed. Every sector from small businesses, individuals, to national economies, has felt the impact of the virus in one way or the other. This is certainly true of COVID-19’s impact on cybersecurity.
Businesses and institutions had to rethink their work strategies and find creative ways to continue operating amidst requirements of social distancing and even lockdowns. The internet became the only way businesses could continue their operations while keeping employees safe.
While the internet has been a force for good in helping businesses and organizations thrive during the pandemic, it has opened up opportunities for cybercriminals to unleash their mischief on unsuspecting or unaware employees and organizations.
Here’s how COVID-19 has affected cybersecurity:
Phishing and ransomware attacks have risen over the past year in the wake of the confusion and uncertainty surrounding the virus.
Phishing attacks increased by 11%, while ransomware attacks increased by 6%, according to a report from Verizon. COVID-19-themed phishing and ransomware attacks have evolved since the beginning of the pandemic.
Criminals impersonated organizations such as the World Health Organization and other institutions at the forefront in the fight against the virus. These scams have evolved today to target the vaccine supply chain.
A majority of these attacks – 85% — had an element of human error. Instead of targeting computer systems, cybercriminals changed their tactics to take advantage of human vulnerabilities through emails, texts, and calls.
The tactics criminals are using have also evolved. For instance, cybercriminals incorporate the latest COVID-19 developments to make their phishing emails and texts seem legitimate.
Ransomware attacks have also been on the rise since the start of the pandemic. Cybercriminals send malware to encrypt an organization’s data. They then demand ransom, sometimes with the threat of publishing that company’s sensitive information.
Cybercriminals also launched data harvesting schemes targeting unsuspecting customers by leading them to clone sites and harvesting their personal and financial information.
Most companies were forced to allow employees to use personal devices as part of their transition to remote work. Even when companies provided the equipment workers would use, employees had to rely on home security networks to access corporate data.
There is a problem with these devices and networks. They lack sophisticated security measures to protect their networks and devices from malicious actors.
These poorly-secured or unsecured devices and networks were easy for cybercriminals to infiltrate and thereby gain access to personal and corporate data.
Collaboration and communication tools rose in popularity for businesses that could no longer conduct in-person meetings or work from their offices. New software and tools were developed to fill the need for collaboration tools.
However, the increased adoption of these tools gave cybercriminals another opportunity to exploit any security vulnerabilities they had.
Criminals targeted collaboration software and tools to steal personal information, including names, email addresses, and passwords. Since many people are likely to repeat the same passwords, the criminals would then use them to gain access to other accounts.
In other instances, unwanted or uninvited members would join meetings, collect sensitive information, and then disclose this information to other malicious actors or to the public.
The pandemic has changed how we view and approach cybersecurity. It saw a drastic increase in the number and sophistication of threats targeting individuals and businesses. It has resulted in newer and sophisticated cyberattacks. Furthermore, it has forced businesses to adopt measures to protect and mitigate the effects of these security threats.
Protecting your business and personal data demands that you observe some of the basic cybersecurity best practices. RKN Global is on the forefront of this field with its own blockchain-based identity verification platform, Moniic.