Chief Executive Officer at Trustwave, a global cybersecurity and managed security services leader.
Health pandemics, weather catastrophes, civil unrest, war — these are all unfortunate realities our global society faces at various times. During these major events, our collective sense of routine and normalcy is often replaced with fear and uncertainty. For most of us, our best selves can emerge and even shine during these trying times as we look for ways to help others and seek to provide some measure of comfort.
However, there will always be a small percentage of people who look at chaotic events as prime opportunities to profit off others. This is especially true in the digital realm, where it is alarmingly easy for cybercriminals and fraudsters to take advantage of others from afar while maintaining total anonymity.
There is a strong correlation between the occurrence of major regional and global events and accompanying spikes in cybercrime activity. These digital crimes usually start with social engineering techniques designed to psychologically manipulate targets into performing desired actions such as clicking on a malicious link or divulging confidential information.
Examples are observed when there is a natural disaster, a major government election or, as we have seen most recently, during a global health pandemic. Since its founding in 2005, in the wake of Hurricane Katrina, the National Center for Disaster Fraud (NCDF) has fielded more than 100,000 complaints involving online charity scams, phishing and fraudulent telephone campaigns surrounding hurricanes, floods, wildfires, tornadoes, earthquakes, explosions and chemical spills. Elections and periods of political or civil unrest are also prime opportunities leveraged by cybercriminals. Coordinated malware, misinformation campaigns and other cyberthreats have spiked ahead of presidential elections in the U.S., Ukraine and many other countries.
Cybercriminals leverage these major events and their accompanying news cycles because they know that most people have a natural affinity for helping others in need. They take advantage of this quality to trick unsuspecting victims into providing personal financial details or clicking on malicious links and fake websites that redirect well-intentioned donations to fraudulent accounts.
Cybercriminals also recognize that during times of heightened fear and uncertainty, such as during the current pandemic, people are both hungry for the latest information and also less discerning about the links they click on. With many people now working from home (where they may not have the most secure networks to begin with) and juggling the added distraction of caring for their children while working, cybersecurity awareness often diminishes.
A Covid-19 Spike In Cybercrime
The global Covid-19 pandemic is perhaps one of the biggest events cybercriminals have ever leveraged. Along with others in the global cybersecurity community, the Telco Security Alliance (which our company is a part of) reported in July that it has observed a sharp increase in malicious online activity by taking advantage of Covid-19 themes through the use of ransomware and phishing attacks. The alliance identified more than 1 million cybersecurity threats leveraging Covid-19 fears in the first half of 2020, with a 2,000% increase in the month of March alone.
Likewise, the World Health Organization (WHO) reported a fivefold increase in cyberattacks in the month of April.
How to Protect Your Business
Fortunately, there are steps organizations can take to better protect themselves, their employees and their sensitive data during times of increased threats. Here are four best practices to follow:
1. Security awareness training: Security education is key. An organization’s cybersecurity program is only as strong as its weakest link. If even one individual is not following best practices, they threaten the security of the entire organization. Organizations should refresh employees’ cybersecurity awareness training, paying attention to addressing the unique considerations that come with working from home. Train employees on how to recognize common tactics used by phishers and scammers. Teach them about the importance of password security and keeping work devices on separate channels from personal ones.
2. Employ ongoing penetration testing: Organizations should conduct penetration testing on an ongoing basis to spot vulnerabilities and identify employees who tend to click on links they should not. The combination of penetration testing, along with ensuring that every employee working from home is issued a clean laptop with a virtual private network (VPN) for secure communication with corporate resources, is essential. Otherwise, if an employee’s computer gets infected with malware and they later return to the office, they could potentially spread malware throughout the entire network. With penetration testing, VPNs and multifactor authentication, organizations can help ensure that their employees’ home environments are as secure as working at the office.
3. Tighten email security: Strengthening email security remains one of the most effective steps an organization can take to stop cybersecurity threats. A secure email gateway acts as the front door to an organization’s network. By ensuring that email security filters are buttoned up, organizations can stop malicious emails and the links within them before they hit employees’ inboxes. Keep email systems patched and use the latest antivirus software to scan both incoming and outgoing emails. Train employees to take the time to ensure emails are coming from a legitimate source and not the product of phishing.
4. Get proactive about security: Organizations should employ frequent threat hunts to actively seek out malicious activity within their networks. For example, seemingly trusted third-party software enterprises can still contain hidden backdoors or spyware that give malicious actors access to an organization’s network or the ability to download malware onto systems. These threats often operate surreptitiously and can go unnoticed for years if they are not proactively being sought out.
The digital lifestyle is fully engrained in our business and personal lives today. It has spearheaded many benefits and advancements, such as faster communication, connection to global events and the ability to support others from a distance. However, while most use technology for good in times of crisis, there will always be a percentage of the population looking to take advantage of others. By recognizing this, educating employees and implementing security best practices, organizations will be better prepared for the next inevitable event.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?