The rapid shift to remote working, leading to security measures and education having to play catch-up, has opened a broad attack surface for cybercriminals.
Most businesses in the region have rapidly shifted towards a remote workforce in the wake of the COVID-19 pandemic, and some may not have the chance to implement security measures and educate employees in a timely manner.
This has created potential opportunities for cybercriminals that render employees and businesses more susceptible to various forms of cyber-attacks.
Ng Teck Siong, Underwriter, Cyber and Technology, Asia Pacific, Beazley, discussed with CybersecAsia how cybercriminals are taking advantage of this pandemic to infiltrate and gain access to confidential and sensitive business information, the types of businesses that will face the greatest impact, and what businesses in the region, especially SMEs, can do to stay resilient and alert to these ever-changing threats and attacks.
What are the various ways that cybercriminals are exploiting the current COVID-19 pandemic?
Ng: Cybercriminals continue to evolve the sophistication of their attack methods and we have witnessed that with the ongoing Covid-19 pandemic implicating consumers – from malware designed as a Covid-19 tracking platform to phishing scams promising the availability of pandemic-related essentials.
As the global economy shifts towards a remote workforce, businesses have increased the use of virtual-meetings and cloud services, providing another gateway for hackers to infiltrate and gain access to confidential information. Recently, we have seen that web meetings on the video conferencing platform, Zoom, have been disrupted by online trolls and this could just be a precursor of more harmful attacks – such as accessing corporate secure files. Before this pandemic, ransomware attacks had been on the rise. We recorded a 131% increase in ransomware attacks in 2019 from 2018 based on our 2020 Breach Briefing Report. With millions more people logging into work computers and servers remotely, the tool used to this – remote desktop protocol – is an area that cybercriminals continue to actively exploit, particularly when employees may be using unfamiliar IT systems and may be less vigilant and aware of potential cyber risks.
What are the key risks businesses face from these potential attacks, and how serious could they be?
Ng: Whether these attacks are targeted at SMEs or large corporations across any industry, a breach can result in severe disruption to their business and reputation.
Short-term risks include immediate business operations disruptions and reputational damage affecting the perception and confidence of clients, stakeholders and potential investors.
Depending on the complexity of the attack, organizations could also face longer term risks such as prolonged disruption to business operations, resulting in a substantial loss in revenue. While it is very difficult to prevent cyber-attacks taking place, it is critical that businesses have on-going training for employees, the security procedures and protocols and the risk management in place to mitigate the risk and reduce the impact if a breach occurs.
Businesses should also bear in mind regulatory risks, including data protection laws and cybersecurity acts. These laws vary depending on jurisdictions and must be followed to ensure data is protected and to avoid further investigations and/or fines, as multi-jurisdictional lawsuits can lead to more complex situations and incur a significant amount of cost.
How should businesses – especially SMEs without the resources for WFH tech support or cybersecurity – protect employees, customers and business partners in this situation?
Ng: Regular education and training is important to ensure all employees understand the policies for working remotely and for starters, hosting virtual meetings securely to mitigate potential risks. This is particularly important when employees are working from home and using programs that may be new to them. This includes adopting a safe-use policy and security awareness training that guides employees on the know-hows of spotting malware (i.e. phishing emails, illegitimate websites), use of virtual meetings securely, and hygiene security practices (e.g. use of alphanumerical passwords, etc.).
These resources are readily available for companies to access online, for example, we have also produced a simple tips and tricks guide that businesses should take note of when working remotely.
Business leaders can also carry out cyber-hygiene checks on virtual-meeting service providers to ensure they have a good track record in terms of security and privacy protection, to avoid any security lapse that could potentially endanger the privacy of users and unauthorized access to sensitive data.
A simple measure for businesses and employees to undertake when conducting virtual meetings with business partners is to safeguard their meetings with end-to-end encryption and use one-time passcodes (OTP) and multi-factor authentication (MFA) to protect the privacy of its users and information.
Businesses without the capabilities and funding to develop their own security infrastructure should also consider adopting an outsourcing policy as the guidelines can effectively help service providers better understand the security needs of the business and provide strategic advice on meeting minimum security standards.
This may be daunting for an SME as it is not their primary business. Cyber insurance can help fill the gap. A partnership with an insurance company that provide pre incident services may be a solution to not only protect the balance sheet but also improve the organization’s security posture. If an incident occurs, they can get the assistance they need to minimize the downfall.