Covid-19 has altered the workplace significantly, and possibly in a permanent manner. While the world’s attention has been fixated on the medical and economic repercussions, an important consequence has gone relatively unnoticed: the rise of cybercrime. With companies having to enable remote access to their content in a very short period of time, there has not been enough time or resources dedicated to bolstering cybersecurity, and cybercriminals have accurately spotted this opening. Companies now have a fundamentally crippling problem to consider: is their data stored safely?
In March of this year, the Marriott chain of hotels was hacked and details of 5.2 million guests were released publicly. A similar incident at MGM resorts led to public disclosure of sensitive details of 10.6 million guests. 500,000 Zoom user accounts emerged for sale on the dark web, resulting in what is known as credential stuffing – the usage of bots for large-scale automated logins with stolen user accounts. Given how many companies use Zoom to communicate officially, the lack of protected links likely facilitated many third parties to acquire sensitive information. With such attacks on the rise, the global cost of cybercrime is projected to increase to $6 million by the end of 2021.
Given the exponential increase in user traffic on Covid-19 related websites, cybercriminals have capitalised on it in creative ways. In one instance, a fake map of global Covid-19 cases was created and embedded with malware. Safety gear such as PPE kits and masks are being sold on fake websites. Some even sell mask-exemption cards allegedly issued by the government. Phishing has undergone an evolution in these times. Cybercriminals are switching up their tactics by sending Covid-19 related spam messages to emotionally manipulate their target. According to Deloitte, around half of all employees working from home fall victim to phishing scams.
Why is there a sharp increase in cyber-attacks? As many people work from home, the absence of a local server to transfer data means companies cannot ensure that the pathways of data remain securely within trusted sources. Transferring information over the internet makes data leaks enormously easier by facilitating third party access. Secure copy protocol (SCP) based on Secure Shell (SSH) protocol is used to transfer files remotely. This cryptographic network protocol specifies the rules and semantics of data transfer. Within the SSH protocol structure exist SSH keys, which essentially function like passwords. Advanced hackers can collect SSH keys which give them backdoor access.
SSH keys are more easily spread now given the current circumstances with remote workers. Access to IT support is limited, leaving employees susceptible to network failures they cannot solve themselves. Employees may often just switch to personal devices and personal accounts which do not have the same layered protection as a company device or account. Passwords may not be strong enough or they may not be stored in a secure manner. Moreover, if there is no restriction to the number of personal devices or accounts that can be used for access, it is difficult to verify the personal accounts being used to access the data. It is also just easier to use personal accounts in general, incentivising employees to pursue the less secure route to access data. They might use public Wi-Fi or an unsecured Wi-Fi network without VPN. General ignorance and naïve practices prevail amongst most workers not familiar with IT infrastructure. There is also concern that malicious employees can exploit private access and sell or manipulate company data, calling into question the trust companies place in their employees.
While large corporations and sectors such as Fintech may be more attractive for cybercriminals, small businesses remain relatively more vulnerable as they may not have the resources to dedicate towards ensuring a virtually safe network for all their employees individually. Often times, this entails that the only way employees can work is on their personal devices. In this case, a suspicious-by-default approach is preferrable and no device must be granted access unless authenticated.
Here are some of the strategies undertaken by companies to fight cybercrime: multi-factor authentication, phishing drills where companies send emails resembling phishing emails to keep their employees on alert, encrypted software to store information, and reliable anti-virus subscriptions for employees. Without the right adjustments to their data transfer infrastructure, companies will remain vulnerable in this ominous virtual landscape.
The theme of this year’s Excellence Programme is Cybersecurity. If you want to delve deeper into the details and importance of cybersecurity, join the FAECTOR Excellence Programme for this year. Applications close on the 8th of January.