Indeed, the world is experiencing a cybercrime pandemic, which is a direct consequence of COVID-19. Due to the global spread of the virus in 2020, many organizations – without proper risk analysis or mitigation planning – were forced to send their employees to work from home or work remotely to balance safety, compliance, and business continuity.
Suddenly, employees and businesses were following modified business processes, often with fewer controls, using relatively insecure setups involving personal computers and shared internet connections. This sudden paradigm shift created an attractive new target for cybercriminals, and cyberattacks across the world have increased dramatically since then.
“Hackers Exploit COVID-19 ‘Fear and Uncertainty’” – Interpol
The FBI’s 2020 Internet Crime Report listed 791,790 cybercrime complaints in 2020 – a 69% increase over 2019. In the SolarWinds supply chain attack, hackers had access to the data of at least nine U.S. federal agencies for more than nine months.
The cyber pandemic is continuing to spread in 2021. In January this year, a ransomware attack affected the OT systems of WestRock, the second-largest packaging company in the United States. In March, over 30,000 organizations in the U.S. were affected by the Microsoft Exchange Server attack.
May 2021 was the first time a cyberattack had a large-scale physical impact on the general U.S. population. The Colonial Pipeline ransomware attack caused the average U.S. gas price to go above $3 a gallon for the first time in over six years and led to severe gas shortages in several states. In the same month, a ransomware attack on JBS, the world’s largest meatpacker, halted all its U.S. plants. And a supply chain attack on software provider Kaseya in July may have affected between 800 and 1,500 businesses.
Ransomware attacks, which have increased by nearly 500% since the start of COVID-19, are a major part of this cybercrime wave. Phishing is still the primary method of spreading ransomware. Since COVID-19 forced people to work in isolation, it is harder for them to consult a co-worker or IT staff member before they succumb to a phishing email. Cybercrime as a Service has evolved on the dark web over the last few years, but the recent targeted ransomware attacks were fueled by a more focused model, Ransomware as a Service, provided by sophisticated cybercrime groups. In March, during the early days of the coronavirus pandemic, Deloitte’s Cyber Intelligence Centre reported a spike in phishing attacks, malicious spam, and ransomware attacks that use COVID-19 to bait users.
Recent cyberattacks have not only affected information technology systems; attacks on operational technology are also on the rise. These were rare before the COVID-19 pandemic because such systems were difficult to reach. But COVID-19 has forced organizations to connect their OT systems, or the IT systems connected to them, to the internet to facilitate remote management. That allowed cybercriminals to compromise the OT systems either directly or by infiltrating the connected IT systems.
A recent cyberattack on a water plant in Florida could have caused the water to be contaminated. In the Colonial Pipeline and JBS attacks, OT systems were the most severely impacted, as in the latest cyberattack on the FBR Pakistan website and portals, instigated by Indian hackers. Governments all around the world need to be vigilant about their critical infrastructure and safeguard their strategic cyber assets at this time.
More than a year into the pandemic, and months after the first rollout of COVID-19 vaccines, people are eager to get back to their regular activities. But some activities might require you to show that you’ve been vaccinated or had a recent negative COVID-19 test. How you do that may depend on the activity and where you live.
In Pakistan, people receive paper-based NADRA COVID-19 vaccination certificates when they get their vaccine. But these were never designed to prove vaccination status, and they may not be enough. Some states, companies, colleges, and other organizations are creating their own verification products and services, including apps, digital passports, or plastic NADRA COVID-19 vaccination cards that show the same information as your NIMS immunization certificate. Some connect to state immunization databases while others rely on individual self-report. This patchwork approach gives scammers an opportunity to cash in on the confusion.
Just as vaccination keeps us safer from COVID-19, we have realized that proactive prevention measures will place our organizations in a better position to combat this cybercrime pandemic. With cybercriminals creating waves of new threat variants, we reviewed every layer of the security chain and its relevance in the new normal and made appropriate changes to create new preventive controls. We ensured that cybersecurity is embedded with every modified business process.
Before the COVID-19 pandemic, cybersecurity strategy was primarily focused on securing the network perimeter. But COVID-19 blurred the borders around businesses’ critical applications and data. The network perimeter has been extended to employees’ homes, and accessibility needs from anywhere have accelerated the migration to cloud and adoption of other digital technologies.
The changing scenarios required increasing the level of security, and it was critical to ensure that security was never an afterthought. New IT security layers included smart endpoint protection, stronger identity controls using mandatory multifactor authentication, and zero trust network access for enhanced protection.
Today’s cyber defense must start at the endpoint. A sophisticated endpoint detection and response tool provides continuous, real-time protection to any device that communicates with the organization’s IT assets. By applying behavioral analysis and actionable intelligence to endpoint data, EDR solutions’ early detection and prevention can stop an incident from turning into a breach.
With more virtual and remote workers than ever before, strong user identity verification with multifactor authentication is essential. MFA and 2FA prevent breaches by requiring additional information or credentials from the user apart from the password. Cybercriminals may obtain a user’s password through a phishing or social engineering attack, but they still won’t be able to get in with MFA in place.
The rapid cloud migration must be secured by zero trust network access. Zero trust eliminates the notion of trust prevalent in traditional perimeter security model. Properly designed zero trust policies will help companies to protect data in the cloud from unauthorized access or breach.
Finally, as the ultimate cover, there is no alternative to the defense-in-depth approach to cybersecurity, where a series of defensive mechanisms are layered to protect the critical assets. If one mechanism fails, another will step up to thwart a cyberattack. This multilayered approach, with intentional redundancies, increases security as a whole and addresses many different attack vectors.
Like COVID-19, the cybercrime pandemic may always be with us but, as we are finding ways to reduce the impact of the virus, organizations need to start adopting a holistic cyber risk management strategy that prioritizes resilience while giving due importance to security. Cyber resiliency is the ability to anticipate, withstand and quickly recover from cyberattacks.
We have to design our cyber resilience strategy to encompass the people, process, and technology elements of cyber risk. Even with stronger technology controls, our employees still need to attend regular cyber awareness training, so that they can exercise good judgment to maintain information security.
The process includes a well-defined incident response plan, with documented roles and responsibilities, internal and external communication plans, and detailed run books for common incident types. A well-rehearsed recovery plan is the most critical component of a successful cybersecurity program.