COVID-19 has built a kind of social contract that says that we're all better off when we get the basics right. Add to that the company's contractual obligation to protect personal data, and safety awareness training is here to stay.
Fremont, CA: Google recorded 18 million regular hoax e-mails linked to COVID-19 scams early in the pandemic. Since then, phishing attacks have become more targeted, impersonating remote working tools such as Zoom and Microsoft Teams, playing on the availability of masks and testing, and even masquerading as CEOs to dupe users into giving up their passwords and other personal information. They can be so advanced that only 5 percent of Britons could spot spam emails, according to a study by Computer Disposals Limited.
Phishing is only one of the ways that hackers are taking advantage of the pandemic. Literally billions of credentials, stolen through numerous data breaches over the years, are floating around the internet, and many people reuse their passwords. This has given rise to credential stuffing attacks, which try stolen credentials against a large number of websites in an attempt to take over accounts. Retail and media subscriptions are likely targets because hackers may resell them on the dark web.
These attacks are not new. COVID-19 has simply provided more opportunities for them. And that opportunity has lifted the security conversation from the depths of the data centre to our boardrooms and kitchen tables. The pandemic has forced us, as individuals and businesses, to think more about protection. So, what did we learn?
Research at Cornell University indicates that remote employees can feel more socially isolated than their in-office colleagues. If you're a hacker, this is prime real estate for social engineering attacks that rely on people being in a state of anxiety. Companies are also nervous. Having moved their staff and facilities online to escape the pandemic, they are now facing new cyber threats. Protecting themselves, their livelihoods and their clients is important, but not everyone knows how to do it.
Threat awareness training encourages vigilance and recognises all staff as part of the Crisis Management Team, but not every organisation has a Chief Security Officer to oversee this training. This year, we saw governments and the security community fill the gap: the UK's National Cyber Security Centre (NCSC) launched a campaign to stay healthy during coronavirus, and experts founded the COVID-19 Cyber Threat Alliance, which releases weekly threat warnings.
COVID-19 has built a kind of social contract that says that we're all better off when we get the basics right. Add to that the company's contractual obligation to protect personal data, and safety awareness training is here to stay. Regulators understand that people make mistakes. Compliance is not an inevitable consequence of any event, but is more likely to happen when companies fail to provide their employees with resources and preparation to mitigate the effect.