COVID-19 cyber security FAQs
COVID-19, and its implications for businesses, has been widely discussed over the past few weeks, particularly when it comes to cyber crime and how bad actors are trying to exploit the pandemic for their own ends.
Ilia Kolochenko, founder & CEO of Web security company ImmuniWeb, answers some of the most frequently asked questions around this topic.
1. How are cyber criminals exploiting people at home?
Kolochenko says it is a convoluted mix of infrastructural unreadiness and overly susceptible human psychology during the spiraling crisis.
“Some cyber criminals exploit uncertainty and aptly forge e-mails or SMSes claiming to be from state authorities, imposing or demanding certain actions, including sharing confidential data or clicking on a malicious link to infect victims with malware.”
Others, he says, merely exploit the overall lack of security hardening of home-placed computers and deploy various well-known attacks, ranging from large-scale spear-phishing campaigns to sophisticated BEC (business e-mail compromise) scams targeting C-level executives.
He says all of these vectors are highly efficient. At the same time, breach investigation is hindered by suddenly disorganised IT and security teams trying to adapt themselves to this new reality.
2. Do video conferencing calls make individuals more vulnerable?
While conference calls do not create additional cyber security risk per se, they do expand a wide spectrum of existing attack scenarios, such as sending fake Zoom or WebEx invites, warns Kolochenko.
3. Are employees responsible for their own security?
Kolochenko believes this should remain the responsibility of the employers. In light of the spiraling panic and partial shortage of food and medication in some cities, it would be somewhat unreasonable to shift this burden to already overburdened and stressed staff members, he says.
4. How will all this impact the cyber insurance market?
“For the moment, it is virtually impossible to give a long-term forecast, though it would be reasonable to expect a spike in demand for insurance, and a subsequent price increase,” says Kolochenko. “Insurance companies will also likely increase their scrutiny of incoming claims for coverage, imposing higher standards of requisite cyber security. Otherwise, careless or simply unprepared home-based workers will empty their pockets within a few weeks.”
So what should those of us working from home do to strengthen our cyber security posture?
According to Kolochenko, remaining vigilant is probably the best action that potential victims can undertake. “Corporations should rapidly develop and promulgate a clear, coherent and efficient cyber security communication strategy, reminding teams about basic precautions and security policies, including how to report an incident or suspicious activity.”
In addition, he advises double-checking the authenticity of any incoming messages, e-mails or phone calls. “If there is any doubt, report to your internal security team or police. Be particularly prudent when someone is trying to extract any data from you in an emergency, pretending there is no time to convincingly explain the context.”
For business, Kolochenko calls for a consistent, threat-aware and risk-based cyber security policy that needs to be relentlessly promulgated to employees in an easily consumable and friendly manner.
He ends on a sinister note, speaking of how this pandemic might affect businesses long-term. “Rather than it being a unique opportunity for businesses to tighten up their defences for the long term, it is a challenge that may kill weak and unprepared companies.”