A risk assessment released by Interpol this month provides a dire warning for businesses of all sizes and their employees working remotely.
“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19,” says Jurgen Stock, Interpol secretary general. “The increased online dependency for people around the world is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date.”
According to Interpol’s findings, the use of COVID-19 as a cover for online fraud was reported by two-thirds of member countries. Feedback suggests that 60 per cent of cyber threats were related to phishing scams and fraud, while over one-third were ransomware attacks.
The techniques being used by online scammers and thieves are as familiar as ever — phishing emails that impersonate corporate authorities.
Ransomware has also increased dramatically, says Interpol.
“In the first two weeks of April 2020, there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months. Law enforcement investigations show the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organizations.”
In a recent webinar hosted by automation payment specialists Avidxchange, renowned cyber security and fraud prevention expert Frank Abagnale described COVID-19 as “a fraudster’s dream come true” due to the number of employees working remotely from home. Abagnale should know about fraud — he was the subject of the true-life crime movie Catch Me if You Can, starring Leonardo DiCaprio.
The problem, as Abagnale sees it, is that honest people don’t have a dishonest mind and therefore can be easily fooled by emails that should be suspicious. Social media is another tool for online fraudsters to gain access to key personal information.
He believes that passwords are at the root of most security issues facing companies and their employees.
“We’re still using the same passwords.”
It’s a technology from the 1960s that Abagnale claims is at the root of 86 per cent of malware and other security breaches.
The answer, Abagnale says, is improved education and ethics training for all employees, including senior management. When asked how businesses can better protect their organizations beyond education, he says the solutions lie in technology. A company unable to afford the technology to keep themselves safe needs to outsource it through a trusted third party.
At the same time, the increased use of personal technological devices continues to lie at the heart of the cyber-security problem itself.
“The network in most organizations has a dramatically expanded attack surface,” writes IT research firm Osterman Research in their 2019 white paper outlining online threats. “IoT [Internet of Things] devices are now commonplace and the number of these devices in the workplace is skyrocketing. Employees continue to use conventional endpoint devices like desktop and laptop computers. The ‘Bring Your Own’ trend has expanded from personally owned and managed devices (BYOD) to personally owned and managed cloud, mobile and desktop/laptop applications of many types. There is no longer a defensible perimeter that can fully protect corporate data, and so new approaches, technologies and practices are needed to protect corporate data and finances.”
Yet Osterman’s survey reveals a notable lack of corporate preparedness. For example, nearly 30 per cent of organizations do not have confidence in their current ability to secure critical data against ransomware attacks. Thirty-three per cent believe they are not “doing well” at protecting end users from malware infections.
Interpol says the cybercrime problem will only get worse in the near future.
“When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.”
John Bleasby is a Coldwater, Ont.-based freelance writer. Send comments and Inside Innovation column ideas to firstname.lastname@example.org.