While the eyes of the world are focusing on how the Covid-19 outbreak is threatening to overload the healthcare system and the global economy, bad actors are taking advantage of the pandemic by adapting and updating attack methods as the crisis unfolds.
While cybersecurity takes the backseat to more urgent concerns like workforce well-being, availability of financing, and the resilience of operations and supply chains, cyber criminals have found an opportunity to target already vulnerable firms.
A study from IBM Security and Morning Consult on 2020 Consumer & Small Business COVID-19 Awareness Study highlights that – since the virus was declared a pandemic on March 11 – IBM X-Force has seen a more than 6,000% increase in Covid-19-related spam campaigns. From phishing emails and WHO impersonations, to U.S. banking institutions offering relief funds, spammers and scammers are targeting small business owners pretending to offer anything from stimulus relief funds to small business loan applications, all in an attempt to steal these individuals’ information and gain access to their bank accounts.
Another report, “COVID-19 cyberwar: How to protect your business,” shows that the coronavirus-themed spam include new threats such as virus-themed sales of malware on the dark web, and Covid-19-related domains that are 50 percent more likely to be malicious than other domains registered during the same time period.
Employees working remotely can also make organizations more vulnerable. The shift to remote work has opened new loopholes for cybercriminals to exploit since many displaced workers lack the secure equipment or protocols to optimize digital safety. Employees aren’t the only ones who are unprepared: enabling remote working is fairly new for many organizations. Security preparedness is uneven as organizations are making an unprecedented transition to remote working.
IBM notes from their cumulative research that organizations that are highly resilient tend to do three things well:
Cybercriminals are seeing the coronavirus crisis as an opportunity to exploit loopholes. Organizations can see it as an opportunity to beef up their critical security needs and iterate their business continuity plans even while in the middle of this pandemic. Steps can still be taken to mitigate the impacts of an uncertain environment plus use the experience for future crisis planning.