The year 2020 has brought on a myriad of new challenges into our lives — one thing that continues to plague us this year, but is nothing new, is the fact that there are numerous threats looming in the cyber world. Below, we will take a look at just a few of the threats which have been prevalent this year and those past, those which are especially important to be aware of this October — National Cyber Security Awareness Month.
In the 2019 pre-COVID world, full-time telework made up 30% of the workforce in America. As of June 2020, 42% of the U.S. worked from home in a full-time capacity with even more folks working from home as a part-time or hybrid model; many companies have shifted to a continued, permanent work from home approach — be it full or part time — in order to maintain productivity amidst a continuing pandemic.
While telework is incredibly helpful to employers and employees alike particularly given our current situation, there are some potential heightened security risks that are present with employees being disbursed and not centrally located to the traditional on-site office. Phishing emails (to be discussed below) exist at all times, however, with people working from home and potentially being less vigilant than they would be while on-site, there is a greater risk of an employee falling for a phishing scam. Not only this, but if a person in an office caught on to a phishing scam, it becomes common knowledge quickly — with less coworker interaction existing at the moment, the communication of threats is less than usual.
On top of this, some employees will continue to telework even once restrictions around the pandemic have been lifted as many companies are happy about this new means of working — however, this does mean that many employees will be tempted to take their work to a cozy coffee shop or a Wi-Fi friendly park. While this highlights the flexibility presented in a work from home model, it is a major security risk as public Wi-Fi is typically not well-protected and easily hackable.
Unlike the vulnerabilities presented by a shift to work from home which are very new to large number of the workforce, phishing scams have been around for a long, long time. Phishing is the most common cyber attack, especially when it comes to cyber threats which target individuals and businesses alike. This social engineering attack comes in the form of malicious emails which are intended to dupe the recipient into clicking on false links which appear to be legitimate in order for the hackers to steal the victim’s information or gain access to their networks. In 2019, it was reported by the Verizon 2020 Data Breach Investigations Report that 22% of data breaches are initiated by a phishing attacks.
COVID- Themed Attacks
While themed phishing attacks are nothing new, COVID phishing scams have become especially dangerous as many are falling for these dupes due to the fear surrounding this global pandemic. Things have gotten so bad in regards to phishing scams in the U.S. during these unprecedented times that the Department of Justice has directed the National Center for Disaster Fraud (NCDF) to gather coronavirus-related cybersecurity complaints from the public and assist with information sharing about these scams. This Center received over 76,000 tips on COVID-19 related scams and on top of this, the FBI’s Internet Crime Complaint Center has received more than 20,000 tips about suspicious websites and media postings related to COVID. The National Law Review highlights that these numbers can only include those the schemes that are discovered to be malicious, it does not include sophisticated phishing scams which are successful in stealthily stealing peoples’ data.
Ransomware is a form of malware which malicious actors will use to block access to the targeted business’ files which are held for ransom by the cybercriminals until they are paid. The estimated global damage from ransomware attacks for 2020 is $20 billion. The costs associated with ransomware attacks not only includes the ransom to be paid out – which increased over 100% in 2019 and is anticipated to be on the rise this year – but also the cost of downtime that a company will experience from not being able to work while their data is compromised. These are one of the most costly attacks in the cyber world.
Ransomware incidents have been on the rise since the beginning of the pandemic, more than doubling in just the past three months. Cybercriminals came to the cruel realization that hospitals, who are overwhelmed by “regular” and Coronavirus patients, likely are not focusing on their cybersecurity at this time, and those medical facilities quickly became these malicious actor’ targets — particularly smaller, local hospitals who are believed to always have less strong defenses to cyber threats.
In June of this year, the University of California at San Francisco paid out a $1.14M ransom to cybercriminals who hijacked their data. While this massive entity could afford to pay the ransom to retrieve their data, this is not often the case when it comes to smaller hospital or education institutions.
A data breach is an incident where a company’s private information is accessed without authorization. Just as ransomware can be incredibly costly to an organization, the same is true for data breaches. These can be caused by phishing attacks, weak passwords that are easily guessable, and vulnerabilities which hackers detect and then capitalize for their own gain. Earlier this year, social media giant, Twitter, was hit by a data breach. This is, as the name indicates, when the data the company has is breached and in the case of a website as prevalent as Twitter, this impacts millions of people across the world.
While these are just a small few of the most common areas of cyber threats we’ve seen in 2020, there are many other security risks out there and new, more sophisticated threats are hitting the online world all the time. This can be daunting, however, businesses can protect themselves by investing in cybersecurity to protect their systems — likewise, individual users should use caution when navigating the Internet and ensure that they are staying up-to-date on cyberthreats. Being prepared, cautious, and knowledgeable are some of the best, most important tools we can have in our arsenals.
Image made with Canva.