Non-security incidents can have a substantial knock-on effect within the information security spectrum
Steve Durbin, Managing Director of the ISF
Cyber threats didn’t suddenly become a thing when COVID-19 pushed the enterprise into a remote workforce. Careless, security noncompliant employees have negligently allowed hackers access into company computers and software while solidly ensconced within a brick-and-mortar office. A pre-US lockdown January insider threats report from Ponemon showed the average global cost of those insider threats rose 31% from 2018 to when the report was compiled on Jan 29, and incidents of hacking spiked 47% in the same time period.
Hacking has gone viral
But the coronavirus pandemic brought a new slew of cyber threats, feeding on how “Anxiety and desperation can make it easy to let one’s guard down when it comes to online threats,” Forcepoint principal security analyst Carl Leonard told TechRepublic in March.
Last month, TechRepublic’s sister-site ZDNet reported what it dubbed “disturbing statistics” of COVID-19 cybercrime, including brute-force attacks were up 400%, the number of unsecured remote desktop machines rose by more than 40%, COVID-19-related email scams surged 667% in March, tens of thousands of coronavirus related domains are created daily—and 90% of those new domains are “scammy.” It further noted that 530K Zoom accounts were sold on the Dark Web, and a 2,000% increase in malicious files with “Zoom” in the name. A 2020 SonicWall cyber threat report cited a 105% spike of ransomware samples.
“Non-security incidents can have a substantial knock-on effect within the information security spectrum,” weighed in Steve Durbin, managing director of the Information Security Forum, an organization of cyber, information and risk management businesses. “In 2020, the striking example has been the global COVID-19 pandemic, which forced digital change on organizations at high speed and certainly faster than many had dealt with before. It meant that senior IT and security managers have been called on to refocus efforts and help their organization oriented around secure remote working practices. They also had to ensure supply chains remain secure and roll out tailored security awareness campaigns and training, for example to combat the sudden flood of phishing scams related to COVID-19. COVID-19 represents both a crisis and an opportunity. It has accelerated and concentrated forces, such as the move to remote working and adoption of cloud services, that were already in motion. Organizations must be willing to respond to non-information security-related threats if they have a significant impact on the way an organization operates or threaten its technical infrastructure.”
Finally, “As well as using digital tools, it’s paramount that enterprises stick to high-security standards,” Cleveland stressed. An “employee should always follow their employer’s advised best practices to avoid being the cause of a costly breach.
At the very minimum, best practices should include using company-issued devices equipped with security controls where possible, VPN usage from personal devices, and training on basic security practices. Companies should implement a disaster recovery and business continuity plan, and purchase cybersecurity liability insurance.”