Understanding the Significant Impact of COVID-19 on Cybersecurity
Surprising absolutely no one, criminals are leveraging the COVID-19 crisis for personal gain. This month alone, we've seen multiple phishing scams surface connected to the global pandemic, in addition to an attack targeting a COVID-19 map maintained by John Hopkins University.
It's a familiar story: A global crisis enters the public eye. People the world over are anxious and afraid, uncertain of what the future may hold and of how the pandemic might develop moving forward. As is so often the case, the fear attracts scammers like honey attracts flies.
The good news is that these attacks are easy to spot. For the most part, they are bog-standard phishing scams such as fake CDC emails masquerading as legitimate sources of information.
"We have observed espionage actors from [multiple nations] exploit [COVID-19] in spear-phishing campaigns, using legitimate statements by political leaders or authentic advice for those worried about the disease as lures," Ben Read, Senior Manager of Intelligence Analysis at security firm FireEye told publication MarketWatch. "We expect continued use of coronavirus themed lures by both opportunistic and targeted financially motivated actors due to the relevance of the theme.
These scams are part and parcel of every crisis. They also do not represent the greatest cybersecurity threat of COVID-19. That, by far, can be tied to the massive upsurge in distributed work, a development that very few businesses were even remotely ready to address.
Whereas before, corporate resources and assets were centralized in a controllable, manageable enterprise network, they are now spread across a massive network of telecommuting staff. To say this is a cybersecurity risk is putting it lightly. A business that does not take the necessary steps to protect homeworkers implicitly accepts the fact that their data can be put at risk by even the most basic of cyberattacks.
By and large, the best thing any business can do is provide home workers with requisite security tools such as:
- File-centric digital rights management software that guards against unauthorized access.
- Password management tools to help secure the authentication process.
- A secure tunnel to corporate resources so employees aren't using potentially-unsecured WiFi.
Beyond that, it's a matter of understanding how employees work and access the web at home and of instilling in them a level of mindfulness, conscientiousness, and care, regarding both their personal and corporate data.
Ultimately, COVID-19 is like any global crisis, simply on a larger scale. There will inevitably be criminals who seek to profit from fear and panic. Know how they operate and equip your remote employees with tools to protect themselves, and you'll be just fine.