What will post-pandemic Cybersecurity look like?

Just as criminals prey on victims when they are at their most vulnerable, for example, after a natural disaster, COVID-19 will be no different. Since the pandemic hit, we have seen an explosion of phishing and malware campaigns, with many of our own contacts reporting up to a 300 percent increase in phishing attacks since February 2020 (many posing as COVID-19 information or resources).

The uptick in attacks couldn’t be happening at a worse time. As businesses operate from remote locations, IT resources are stretched thin and employees, facing a multitude of new challenges working from home, will invariably struggle to remain as vigilant to cybersecurity threats as they are under normal working conditions. 

And yet, it’s at times like these when more than usual vigilance is required. Employees working remotely may have less secure connections, including Wi-Fi connections and shared devices. Remote workers will also have plenty of distractions that can divert attention and increase the likelihood of a phishing email being overlooked.

In the short term
Under regular circumstances, corporations globally suffer cyber losses amounting to trillions of dollars annually. For example, according to one study, the forecast for the global cost of cyber crime pre-pandemic was expected to exceed $2 trillion in 2020. Now that companies are thrust into conducting business from multiple locations with little or no preparation, that number is likely to increase.

As companies rely on unfamiliar technology, such as video conferencing tools, and as employees connect to company servers using unsecured devices, increased opportunities for cyber attacks will continue to push that total higher.

Other areas of vulnerability include:

• Online video and chat sites
• Home routers and Wi-Fi connections
• Mobile devices (typically, these have less security)
• Popular apps, including shopping apps, that could have security gaps

While all industries are vulnerable, hackers are paying particular attention to organizations in and around the health care, pharmaceutical and research sectors, while also targeting academia, financial institutions and e-commerce businesses.

As IT professionals scramble to update systems, install patches, and help businesses secure remote operations, hackers will increase their efforts to gain access to company networks via any method they can.

Looking ahead, we forecast the following trends...

Looking ahead, we forecast the following trends:

• Increased scope for social engineering: Social engineering has always been a successful attack vector for hackers. Hackers will know that employees will now need to communicate with IT and with management remotely, and they will look to exploit that need. Hackers can pose as IT support, as representatives of the company’s financial departments, or as managers in the company requesting sensitive company information, for example.
• More opportunity for physical access-based attacks: With offices now standing empty, these are now also highly vulnerable. Hackers may attempt to gain physical access and either steal your devices or easily install malicious hardware or software on them.
• Software vulnerabilities: Manufacturers are rushing out new update releases or new software versions in an attempt to respond to businesses needing remote operational capabilities. However, there may be overlooked security issues that emerge from this. The same applies to current software. If security updates are rushed without proper testing, your systems may be even more vulnerable once your company devices are updated.
• Theft of video conferencing credentials: As each employee logs on to your video conference app or website, a hacker could be looking in, as well. Hackers can post video conferencing credentials on the dark web, which leaves your company’s proprietary information – and in some cases, your entire systems – open for anyone to steal. When setting up video conferences, be sure to use passwords and use the waiting-room feature so that you’re able to screen who is attempting to join your meeting. For optimum safety, change passwords for each video conference.
• COVID-19 phishing messages: While phishing attempts were already a problem pre-pandemic, remote workers can now expect to see emails impersonating officials from the Centers for Disease Control and the World Health Organization, among others. Once an employee clicks on a link, they could be taken to a website that looks legitimate but is actually a dummy site set up by hackers to mirror sites of legitimate organizations. Hackers recently constructed one such dummy site to mirror that of the Internal Revenue Service’s site for government stimulus payment information.

Protecting your remote operations
How should companies be addressing these heightened cyber security risks with employees? Consider taking the following steps:

• Talk to employees: Open the lines of communication with your employees about the risks they face. Many companies are setting up conference calls and email threads that discuss these heightened risks and what employees should do if they encounter a suspicious email or other request. Depending on the type of business you operate, the frequency of that communication will vary.
• Reinforce communication: No matter how often you talk with employees, do follow ups on email communications with a video conference. Employees can then discuss how to best address potential threats, and they can be part of building the reporting process. Conference calls are a great time to emphasize that no concern is too small. Over-reporting of any potential issue should be encouraged.
• Establish a clear reporting process: When an employee receives a suspicious email or phone call, what should they do with it? Your employees need to have a way to report suspicious activity that includes:
  • Where to report
  • What actions they need to take
  • How the report will be handled
  • When they can expect a response
• Simplify the process with automation: Set up a dedicated email inbox that routes emails directly to the IT support staff and determine a response time that fits within your organization’s capabilities. Some companies are able to offer 24-hour support, but that may not be feasible for your company. Some organizations have icon-style buttons on their email applications that allow employees to move any suspicious email easily into a dedicated portal that is controlled by IT. The IT team can then examine the email and determine its legitimacy.
• Educate your workforce: The most critical – and the most often overlooked – aspect of cybersecurity is educating and training the workforce. In order to report issues, your employees need to understand how to identify them. Even in a remote environment, your company can help employees spot phishing emails through tabletop exercises and quizzes to assess their level of preparedness. Follow-up video conference calls can reinforce your company’s cyber best practices.
• Set clear expectations: Set clear expectations on what your employees can and cannot do. With additional platforms and applications, employees can become frustrated quickly with having to remember login credentials for each system. You should therefore emphasize the importance of not disabling encryption and password protection in software. Do not allow any employee to reconfigure devices to remove some of their security protocols. These systems are essential to protecting company data.

Remote cybersecurity, today and beyond
As the impact of the COVID-19 pandemic continues to drive businesses into remote operations, cyber criminals will be emerging in greater numbers and attacks will rise in frequency. The sharp spike in phishing and malware attempts can be expected to continue well into 2020 as the world grapples with both the health risks and the economic impact of COVID-19

Whether businesses are operating remotely on a temporary basis or more permanently in the future, cyber crime will continue to be a threat to their viability. By increasing your employees’ awareness along with your company’s own diligence, you can add an extra level of cyber protection and keep your business thriving through this period of uncertainty.

Authored by AXA XL's Elissa Doroff and S-RM's Billy Gouveia