The COVID-19 pandemic had a significant impact on entire industries. Working from home and adapting to the ‘new normal’ has been particularly challenging especially when cybersecurity is taken into account. Cybercriminals thrive in chaos and the chaos brought about by the pandemic caused cybercrimes to skyrocket at such an unprecedented rate.
Working from home brought with it some degree of comfort to many but it also brought about a crucial issue which was widely overlooked by several businesses worldwide: cybersecurity.
The unprecedented shock caused by the pandemic resulted in businesses trying to tackle issues on the financial and operational fronts to ensure their survival, however, as the dust settles, cybersecurity resiliency is beginning to gain more traction as businesses learn to navigate the ‘new normal’.
There has been a grand reset and businesses need to now focus on dealing with some of their long-term strategic issues. This broad disruption saw the digital commerce space expand like never before and as a result of this, consumer behavior also changed dramatically.
The pandemic sheds light on business resiliency and enterprises everywhere are beginning to recognize the need to evolve.
Over the past decade, cybersecurity experts and businesses alike have been relentless in trying to ensure greater resiliency in their security infrastructure. It is very important to consider what the new reality of business is going to look like to prepare for it.
Cyberattacks during the pandemic
A few months ago, the World Health Organization (WHO) announced that since the beginning of the pandemic, they have experienced a dramatic increase in cyberattacks. Hackers managed to leak a great deal of information from the WHO including around 450 active email addresses along with their passwords. The harm caused by the leaked credentials was very minimal because the data was not recent but the attack itself did affect their extranet system which was used by their partners and current and retired WHO staff. The organization has now had to migrate its affected systems onto a more secure one which requires more rigorous authentication.
Not only did this harm the WHO, but the hackers carried out some fraudulent activities targeting the general public. They impersonated WHO staff in emails to leverage donations to a fictitious fund.
In an official statement referencing the matter, the WHO’s Chief Information Officer, Bernardo Mariano, stated, “Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together.”
This incident, if not handled in due time, could have caused some serious issues for the WHO, an organization that was so pertinent during the pandemic.
Around the same time, the United Arab Emirates launched its first national fraud awareness campaign in April due to increased cyberattacks against the country’s banking sector during the pandemic.
The UAE’s National Computer Emergency Response Team was established to deal with the huge volume of cyberattacks. The body was a subsidiary of the country’s Telecommunications Regulatory Authority (TRA). They responded to about 34,000 cyberattacks on federal entities in April alone.
Executive Director of Policies and Programs at the TRA, Mohammad Al Zarooni, stated “We’ve noticed an increased amount of fake websites and fraud websites, who’re trying to trick people into getting their sensitive credentials- such as their bank accounts- in order to compromise these accounts. We need to ensure that the nation is equipped with what they need, as an awareness campaign and awareness program, to be able to identify the difference between the fake versus the real website.”
The UAE seems to be continuing to move towards digitalization with a more cautious approach towards tech adoption and has mentioned that they plan to revisit the country’s data protection laws.
While more people across the world worked from home, it was found that more cyberattacks were beginning to take place. Indeed, VMware’s Carbon Black published their third Global Threat Report which revealed this, citing that 91% of executives who took part in the survey felt that working from home may not have been done most securely.
The dispersal of workforces outside of corporate environments caused this. The study also found that around 85% of CIOs, CTOs, and CISOs in the UK, US, Italy, and Singapore who were surveyed for the report, felt that their workforce had not been prepared appropriately to work from home.
In the report’s foreword, Rick McElroy, a cybersecurity strategist at VMware Carbon Black, mentioned that the “leap in attack frequency and sustained increase in sophistication” proved that “however fast global businesses may be adapting to the intensifying environment, the cyber threat landscape is evolving faster”.
They also found that the manufacturing and engineering sectors suffered the most data breaches and cyberattacks than other sectors during this period.
Before the pandemic hit, ransomware was already one of the most popular hacking techniques for cyberattackers. Attacks of this nature only increased due to the heavy reliance of businesses and workforces on their electronic systems. Cybercriminals seized the opportunity to strike when businesses were most vulnerable. Many energy companies were victim to attacks of this nature as they focused on critical infrastructure.
Contact tracing gained a great deal of traction during this period as governments across the world were trying to contain and curb the spread of the virus. It was a great way to monitor infected patients and who they had come into contact with whilst they were still contagious.
However, the downside to this is that the data picked up from these apps could be very personal, and if it fell into the wrong hands, it would have some serious consequences. Cybercriminals took advantage of this and set up contact tracing apps that were not legitimate which would, in turn, download malware onto users’ devices.
These are merely a few examples of the sort of damage that was caused by cybercriminals throughout the pandemic.
Lessons learned
It is safe to say that we learned many lessons from the pandemic, especially in the cybersecurity space.
Two things pandemics and cyberattacks have in common is that they are both global and can cause damage very quickly. Cybercriminals thrive in chaos and this is why businesses need to work even harder to achieve more resilient cybersecurity infrastructure and diminish the damage they could cause.
According to a paper by the World Economic Forum’s Center for Cybersecurity and KPMG, there are five principles that cybersecurity leaders can follow to prepare for this new digital landscape.
The five principles include: fostering a culture of cyber resilience, focusing on protecting critical services, balance risk-informed decisions, update and enforce business continuity plans, and last but not least, encourage and strengthen ecosystem-wide collaboration.