Bivin Jacob did his BCA from Bangalore University & has Business Development experience of over 17 years. Most of his experience has been in Business Development, Sales and Marketing. He has worked in different domains across various Educational Products and lately into Concept Selling. Currently, Co-founded SeciQ Technologies & SecIQ is a pure-play information security consulting firm with an extremely skilled team of security professionals, subject matter experts, researchers and thought leaders all dedicated to one cause — providing their clients with the best cyber security program possible, with a core focus on delivering high-quality end-to-end Application/Product security services, consulting and Training.
Since the beginning of the pandemic, there has been a 300% increase in the number of cyberattacks being committed. While the COVID-19 pandemic was transforming the world of work, it fuelled a pandemic of cyberattacks and data breaches. Companies are accelerating their digital transformation to adapt to the new normal. With organizations rapidly deploying remote systems and networks to support remote work options, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause business disruption.
In this article, we will examine the impact of covid -19 on Cyber security, Threat landscape & safety measures that every organization can follow & how SecIQ technologies try to make a difference in the Cyber Community.
Cyber Threats on the Rise Due to COVID-19
India experienced a sharp increase in cyber-attacks, by nearly 200%, last year amid the COVID-19 pandemic. Over 1.5 million cybersecurity incidents were reported in the last two years and 1.15 million of them were recorded in 2020 alone.
According to the information reported to and tracked by the CERT-In, 3,94,499 and 11,58,208 cybersecurity incidents were observed during 2019 and 2020, respectively. This represents almost a two-fold increase in cybersecurity incidents over the last two years. A total of 3,137 cybersecurity-related issues on average were reported every day during the year.
The increase in remote working calls for a greater focus on cybersecurity, because of the greater exposure to cyber risk. This is apparent, for example, from the fact that 47% of individuals fall for a phishing scam while working at home. Cyber-attackers see the pandemic as an opportunity to step up their criminal activities by exploiting the vulnerability of employees working from home and capitalizing on threats. Another important consideration is that the average cost of a data breach resulting from remote working can be as much as Rs. 1.1 Crores ( $137,000 ) .
Cyber Threat Landscape :
In the fourth edition of the Phishing and Fraud Report from F5, it was discovered that phishing incidents rose 220% during the height of the global pandemic compared to the yearly average.
Some of the Key cyber threats in relation to the COVID-19 pandemic include:
- Data Breach & Data Leakage – The cost of data breaches for companies have soared to $4.2 million per incident across the globe, the highest in 17 years, as per an IBM report. the study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year.
- Phishing – Threat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content. Around two-thirds of member countries that responded to the global cybercrime, a survey reported significant use of COVID-19 themes for phishing and online fraud since the outbreak.
- Account takeover – Ecommerce Account Takeover Fraud Jumps to 378% Since the Start of the COVID-19 Pandemic. Sift’s Q3 2021 Digital Trust & Safety Index claims account takeovers increased threefold between Q2 2019 and Q2 2021. Most of this increase happened during the pandemic, with attacks rising approximately 2.8 times in the past year alone.
- Malware – Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit. Prior to the pandemic, about 20% of cyberattacks used previously unseen malware or methods. During the pandemic, the proportion has risen to 35%. Some of the new attacks use a form of machine learning that adapts to its environment and remains undetected. As an example, phishing attacks are becoming more sophisticated and using different channels such as SMS and voice (vishing).
- Ransomware – In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months. Ransomware attacks are also becoming more sophisticated. For example, hackers are combining data leakage attacks with ransomware to persuade victims to pay the ransom.
- Application targeted attacks – Imperva Research Labs monitored an astounding 51% increase in web application attacks specifically focused on healthcare targets. Data shows 187 million attacks per month globally, on average – 498 attacks per organization each month
Responding to the Pandemic of Cyberattacks
To defend against these cyber-attacks the organizations should focus on the following measures Employees working from home and using their personal computers (and even those using a corporate-owned device) should implement essential cyber hygiene practices. These include:
- Antivirus protection – Employees should be enabled with antivirus and malware software for use on their computers.
- Cybersecurity awareness – Staff should be briefed on security best practices.
- Phishing awareness – Employees should be vigilant when receiving emails and should check the authenticity of the sender’s address.
- Home network security – Employees should ensure that their home Wi-Fi is protected by a strong password.
- Use a VPN – Virtual private networks can be a useful barrier against cyberattacks. There are some basic cybersecurity strategies that businesses can adopt.
- Identify weak spots – Companies should run tests to identify IT system weaknesses and patch the most critical vulnerabilities as soon as possible.
- Frequent reviews – Companies should regularly evaluate cybersecurity risk exposure and determine whether existing controls are robust enough.
- Renew business continuity and crisis plans – Business lines Managers need to keep their business continuity plans updated and consider cyberattack scenarios.
- Apply new technology and tools – Companies can use advanced tools such as host checking (a tool to check the security posture of an endpoint before authorizing access to corporate information systems) to reinforce the security of remote working.
- Intelligence techniques – Businesses should encourage proactive use of cyber threat intelligence to identify relevant indicators of attacks (IOC) and address known attacks.
- Risk management – Businesses can apply governance, risk and compliance (GRC) solutions for improved risk management.
- Prepare for attacks – Carry out frequent cyber crisis simulation exercises to prepare their response to a cyberattack.
- Zero Trust – CISOs and CIOs should consider implementing a zero-trust approach to cybersecurity. This is a security model where only authenticated and authorized users and devices are permitted access to applications and data. It challenges the concept of “access granted by default”.
There are ways to reduce the likelihood and impact of a cyberattack, but it requires focused action and planning. Companies need to make their remote working practices resilient to cyberattacks and enhance their development and application of security measures. And as one of our CSR initiatives, SecIQ technologies as a Core Security company, we are trying our best in educating the individuals, Student Community & organizations to stay secure & aware about the challenges.