The Covid-19 pandemic has been a mammoth test of our economy’s resilience.
In the space of just a few weeks, business leaders who would’ve once never even considered remote working as a viable option, have transformed into agile working champions.
Only 9% of people in the UK say they want to go back to “normal” after this crisis passes. So, it seems like this pandemic may have triggered some positive cultural changes – and that includes the way we work.
However, while these attitude shifts may be the silver lining to a devastating period, it’s important to remember that this all happened very suddenly. For some firms, they experienced 1-2 years’ worth of digital transformation in the space of a few weeks.
And it has had consequences.
Savvy cybercriminals are seizing on the opportunities these rapid changes present while organisations try to retrospectively harden defences around the changes they’ve made.
So in this blog, we’re going to look at some of the main cybersecurity challenges our current Coronavirus climate has created, and share what organisations can do once they’ve been attacked in order to come out the other side the least scathed.
Cybercrime in Covid-19 times
This period has made the problem of cybercrime much worse. That’s not because there have been more of attacks but because they’ve been given a Coronavirus make-over.
Phishing campaigns, which attempt to obtain sensitive information such as usernames, passwords and credit card details, are now masquerading as Coronavirus updates, offering information around mask availability and vaccine development.
Scammers also use these interactions to infect PCs with malware – illicit software that captures user interactions, steals sensitive data and can even recruit zombie PCs into bot networks.
What has made this period particularly insidious is that these criminals are taking advantage of people’s innate desire to help others during a crisis.
We’ve seen some cybercriminals pose as organisations looking for donations to charitable relief funds. One even posed as the World Health Organization (WHO) and asked for donations – in Bitcoin.
But while creating a continuity plan and erecting sturdy defences are a key aspect of cybersecurity, it isn’t everything.
Because, sooner or later, you will be attacked. And how you respond after that attack will be equally consequential to the survival of your business.
Understanding the scope of the challenge
The reality is, no matter what you do, attacks from cybercriminals are going to keep on streaming in. And the escalation of these attacks over the last few years really can’t be overstated.
For instance, the Student Loan Company sustained 3 attempted cyberattacks in 2015/16. The following year, that number shot up to 95. But by 2018/19, the company experienced almost one million attempted cyber-attacks.
This perfectly exemplifies the scope of the threat. Even with all the protection in the world, this is a numbers game you will eventually lose.
IT professionals often like to cite the fact that cybercriminals can sit in an organisation’s corporate system for hundreds of days. So as important as it is to have a robust cybersecurity strategy, it’s equally important to have a plan for what you’re going to do after you get attacked.
Every organisation needs a quick and effective response strategy so they can spring into action immediately after.
Being secure isn’t just about technology, it’s about preparation.
Be proactive about your threat response
Being able to detect whether a bad actor is hiding in your system is crucial, as you can’t act until you know something’s wrong.
However, detection is the easy half of the battle as identifying a threat doesn’t mean you’ve stopped it. This is why metrics have been developed around the mean time to detect a threat and the mean time to respond to a threat. And understanding your capabilities in both is very important.
Once you detect a threat, the stopwatch begins. Remember that other than practical importance of eliminating a threat as quickly as possible, an attack opens you up to regulatory issues such as GDPR which made it illegal not to mention a data breach once you’ve detected one.
And regulation aside, not acknowledging a breach won’t do you any favours with the public if the truth comes out. And not doing this well can make a relatively insignificant attack a lot more damaging.
Organisations that have tried to play down or brush off attacks in their communications whilst the impact of the attack has caused the delivery of their services to be affected, have taken a fair share criticism in the press.
Therefore, it’s important your plan goes into who should be communicated to the instant there’s an attack, such as the CEO, customers facing staff and suppliers or partners.
Preparing for the worst will always be the smartest course of action. Do your homework and investigate whether you’re experiencing more attacks than normal.
This is where a security partner who understands the security landscape can help. We, for instance, often take our customers through tabletop exercises where we simulate an attack and let them practice their response to various scenarios.
Cybercriminals are becoming increasingly dynamic. And just like a good sports team, you can’t afford to underestimate your opponent.
So, making sure your people are trained for every eventuality is the closest you’re going to get to real security.
To make sure you’re informed of the latest threats, Fujitsu’s Cyber Security Advanced Threat Centre has been tracking the arrival and rapid growth of malware and phishing scams related to COVID-19.
Latest posts by David Patrick (see all)
- How the cybersecurity landscape changed post-Covid-19 - September 11, 2020