It is clear that cybercriminals are continuing on their ruthless path to disrupt lives—even during a pandemic. The scope of the problem is evident, with Google reporting an explosion of attacks on Gmail users. The tech giant recently revealed that about 18 million COVID-related scam emails are blocked every day.
Increasing data breaches are rattling UK businesses in the middle of a crisis. While some companies are shoring up their defences to mitigate the effects, others are left exposed and weak because they lack preparation. Based on a report, 88% of UK companies experienced a data breach in the past 12 months, however many have not done a cyber risk assessment. In fact, only a small percentage (31%) of organisations acknowledged they conducted a cyber risk assessment.
One of the security challenges during the pandemic is the shift to a remote workforce. COVID-19 exposed vulnerabilities such as network capacity issues, limited work devices for distribution, and security risk from video conferencing tools. Threat actors are exploiting these vulnerabilities with a barrage of cyberattacks on both individuals and organisations.
Cyberattacks facing the UK
In 2020, a joint UK/US guidance was issued to alert the public of an uptick in cyber threats taking advantage of COVID-19 related themes. According to the advisory, individuals, small and medium enterprises, and large organisations are heavily targeted with COVID-19 related scams and phishing emails. What type of organisations are most at risk? Based on recent trends, reports are showing that healthcare facilities, education institutions, and research labs are experiencing a spike in malicious cyber-attacks during this challenging period.
Cybercriminals are capitalizing on the pandemic by using social engineering methods to:
- Distribute malware using COVID-19 lures – this includes ransomware that can infect a computer and lock a user out of the system until a ransom is paid. A hacker can also deploy malware to infect one computer, which can then spill over into a company’s IT network and cause serious damage.
- Send out phishing emails with links to fake websites – emails with subjects such as ‘Coronavirus Update’ or ‘2020 Coronavirus Update’ prey on the anxiety of individuals. They are lured into clicking on links or attachment in these bogus emails, which takes them to a website that can steal information such as credit card details, usernames, and passwords.
- Attack remote workers and new teleworking infrastructure – Criminals are exploiting IT infrastructures and tools that allow employees to work remotely, such as Citrix and video conferencing apps including zoom, skype, and Microsoft teams.
A guide to improving cybersecurity
While cyberattacks are inevitable, organisations and individuals must be vigilant and know the steps to take to increase their protection. Here are some recommendations:
An untrained workforce is your weakest link when it comes to cybersecurity. Every employee should know what their role is in keeping their company safe from data breaches. A training plan should be deployed and updated when necessary as new information in the cybersecurity world becomes available. Employees should assess every email that comes in, even if it seems to be from a trusted or familiar source.
Sophisticated actors use social engineering techniques to appear genuine, so emails must be scrutinized before they are opened. Never click on links or open attachments if you’re not sure about the sender.
A virtual private network allows users to safely and securely traverse the internet without being tracked by hackers. As organisations transit to remote working, everyone should consider using a VPN to ensure security in the UK. Individuals can install a VPN on their devices to encrypt the data they transmit and receive, especially when connected to public Wi-Fi networks.
Passwords should be difficult to crack, making them harder to remember, but you can keep track by using a password manager. This tool allows you to create unique, secure passwords that can be retrieved easily. Companies that enforce regular password changes as a security feature will benefit from a password manager. There are several password manager apps to choose from, so do your due diligence before making a selection.
When it comes to cybersecurity, being overly cautious is encouraged. Enabling two-factor authentication (2FA) is a great way to protect devices and accounts from hackers. The added layer of security makes it harder for an attacker to access your account, even when they manage to steal your password. 2FA can be a fingerprint, a PIN sent via text, or you can install an authenticator app such as google authenticator to retrieve the additional login requirement.
Every business needs a data backup plan. What happens if the business gets hacked? Losing that data would be a disaster. This is why a data backup plan must be implemented where extra copies of data are stored either offline or in a cloud. It’s imperative that backups are done regularly so that the most current information is saved. Regular data backup can save a company from ransomware attacks because when a company knows that their information is stored elsewhere securely, they can refuse a ransom demand.
Keep operating systems and applications up to date with patches to reduce exposure to security vulnerabilities. Company networks must always be running on the latest software and for employees who are assigned work devices, turning on automatic updates is always a good idea. Once a vulnerability is known to the public, hackers try to find devices running on the software. It is critical to install updates as soon as they are made available to prevent hackers from breaching your system.
By following these steps, organisations and individuals can strengthen their resilience at a time when cybercriminals are working overtime to cause further disruptions in an already volatile environment.