Data breaches are always expensive but have grown even more of an issue in current months as hackers ramped up to take advantage of coronavirus confusion.
There are various of reasons driving the uptick in breaches. More and more business — from online banking to e-commerce — is being administered online. Companies had to make an abrupt shift from most employees working in an office to working from home. In the rush to proceed with business as usual, many had to take some shortcuts with security.
During times of outbreak or change, cybercriminals capitalize on confusion and unpredictability. Experts say different kinds of attacks are on the rise. Businesses, both large and small, governments and individuals are all targets. Among the most popular types of attacks seeing an uptick are ransomware, destructive attacks, and island hopping.
Losses from cyberattacks can be great. In June, Japanese automaker Honda said ransomware attacked the company’s internal servers, including its production systems, forcing it to delay some of its auto and motorcycle production. Israeli fintech company Sapiens paid a $250,000 ransom in bitcoin after criminals threatened to shut down the company’s network. The company believes the attack occurred in March or April when employees started working from home.
The uncertainty around the pandemic and quickly shifting work and online habits caused ideal conditions for hackers who exploit current events.
The FBI said its Internet Crime Complaint Center has noticed “a notable increase in the number of complaints filed,” though only a fraction has been directly linked to the coronavirus. As of mid-June, the center said it recorded 12,377 COVID-related scams.
“As more people work and shop online, they are more prone to be targeted by online scammers,” said a spokesperson for the FBI.
Now hackers are shifting to concentrate on stimulus payments, unemployment, PPP loans, and benefits. On the day PPP loans first hit bank accounts, the websites of various large banks went down because of the wave in traffic. For smaller banks whose sites didn’t go down, there was a catch-22, said Breach Clarity’s Pascual.
Cybercriminal societies aren’t surely using new tactics, but attacks are growing more and more sophisticated. Scripts look for insecure databases and can sit undetected in a system for months, learning about how the system works, how and when backups are deleted and preparing for the attack.
The sudden surge in work-from-home systems increased the opportunity for cyberattacks. When the pandemic first hit, companies that went from maybe 10% of the employees working from home to 90% to 100% found that their systems were not intended to take on the increased load. To get employees up and running, the focus was on availability and getting people the tools and data they needed to work remotely.
This was mixed by ad hoc security controls early on, as companies struggled to get employees up and running. Now, as the crisis drags on, firms are realizing employees may need to work from home for the foreseeable future.
As the dust settles, many businesses are now seeing potential prolonged work-from-home arrangements and finding means to secure those systems. For large businesses with a lot of resources, cybersecurity professionals are in high demand. Smaller companies, on the other hand, are making it easier to hire services from a cybersecurity company.