Cyber criminals are taking advantage of the Coronavirus pandemic with their ploys, targeting individuals and businesses.
The outbreak of the coronavirus pandemic has led to cyber criminals taking advantage of the situations with coronavirus scams. The virus which was conceived to be a minor health challenge at infancy has unfortunately grown to become a pandemic of a global scale which has crippled the socio-economic activities of many countries.
The ravaging effect of the virus has since spun-off on the cyberspace, with experts suggesting that it could pose the largest cyber-security threat in contemporary times. Of course, the COVID-19 is not a digital virus or malware specific to computers or devised to threaten cybersecurity. However, it has underlying effects on the society at large, including the cyber security.
The Interaction between the COVID-19 Pandemic and Cybersecurity
As earlier asserted, COVID-19 is primarily a health challenge, thus on a surface level, connecting it to cyber-security may be too remote. However, in reality, cybersecurity cannot be separated from this global threat, as the disruption of physical based activities by the pandemic has led to an upsurge of online and virtual based activities.
In a bid to contain and control the widespread of the disease, the World Health Organization and various Health bodies around the globe strongly advocate for solitary living, social distancing and minimized physical interactions.
This has prompted many organizations around the world to initiate a work-from-home policy using computers and the internet as office spaces. According to a survey, about 46% of American employers and business owners implemented a work-from-home strategy as far back as mid-February; of course the numbers should have increased significantly since then.
In another report, Telecommunications giant Vodafone, has been reported to have recorded an increase of over 50% of internet subscribers in some European countries. Globally though, online related activities and services have recorded a tremendous increase in patronage, more especially in countries heavily affected by the pandemic.
This is as a result of the strict restriction of movements in most countries. People are shopping more online, doing businesses and holding meetings more online, and even educational and religious activities have moved online as well.
The major shift of our social activities to the internet has occasioned a tremendous threat and even greater risks and exposure to cyber crimes.
Individuals, governments and corporate bodies all share in this risk, as it is becoming increasingly difficult to maintain the integrity of the global cyberspace even in distinguished units.
Statistics don’t Lie
Cyber criminals have increased their activities on the web, leveraging on the massive adoption of the internet as the new socio-economic hub to perpetrate various fraudulent acts.
They also want to exploit people’s fear and anxiety in these arduous times. Their methods of operation includes phishing and malware attacks, hacking into private online conference and meeting rooms, hijacking transactions and selling fraudulent products claiming to cure the corona virus.
Zscaler a top cyber-security firm, has reported that over 380,000 COVID-19 related phishing emails were sent to various individuals in the month of March.
Another security firm RiskiQ has also indicated that more than 300,000 web domains that are also COVID-19 pandemic related, have been registered since the start of the virus. Although it is not certain the percentage of genuine websites among the recently registered domains, however what is certain is that many of them are intended for phishing attacks and other online fraud.
The UK reported that victims had losses equivalent of one million dollars in the month of February alone from a wave of coronavirus online scam. The U.S Secret service has recently sent a series of notification and warnings to individuals and corporate organizations on the increase of coronavirus scam emails.
Further investigative reports indicate that most phishing attacks impersonate government agencies and the World Health Organization, attempting to lure potential victims into filling sensitive banking details. Sometimes they send spoofing links which when clicked, important personal details like passwords could be accessed by the scammers.
Menlo cybersecurity company reports that recent wave of attack on corporate bodies has seen sensitive login, administrative and financial information stolen. Menlo notes that between February 25 and March 25, there was 32 times increase in daily successful attacks.
Teleconferencing and online meetings are becoming the trends for organizations in this time; however, it has also exposed them to more cyber crime risks.
The recent outcry against Zoom, a teleconferencing service provider, is a testament to that fact. Clients have recently reported various forms of cyber attacks and hack into their teleconference and meetings.
Cybercriminals gain access to meetings to pick sensitive discussions, and sometimes they impersonate individuals and companies to set up meetings with their clients.
Beyond individuals and corporate bodies, these cyber attacks have not left out governments too. The Italian government was a recent victim when her social security website was hacked.
The state of Rhine-Westphalia in Germany also came under COVID-19 phishing attack with tens of millions supposedly earmarked for coronavirus emergency aid funding lost to the scammers.
These are just a reported few amongst a ton of daily successful attacks and attempt as scary reports asserts that thousands of sensitive documents, including login credentials and emails have been leaked online.
Securing the Cyberspace in the Pandemic
The cyber threat posed by the pandemic requires an utmost act of care and caution by individuals and companies in their online dealings. Here is a brief guideline that can help you protect yourself and your IT infrastructures.
It is however important to note that the security protocols suggested may not be ultimate; it is advisable that organisations review their IS security policies by consulting with a local IT security expert.
- Always maintain hard-to-guess passwords across your online platforms. Ensure it incorporates the combination of numbers, symbols, capital letters, and lower-case letters.
- Make sure that your devices and software are always up-to-date. Outdated software are vulnerable to attacks.
- Employ the use of good virtual private network. VPN help to secure your connections. It is important that you do your research before choosing a VPN.
- Do not be in a hurry to open or reply to every email sent to you, especially if it is suspicious, the sender is unknown, or it contains some tempting offers.
- And if it is important but looks suspicious, make conscious attempts to verify the credibility and source of the email.
- Employ the use of anti-virus and anti-malware programs on your devices.
Companies and corporate bodies seem to be at a higher risk in this time, mainly because of the amount of personal and financial information possessed by them.
According to Andrew Jackson, the CEO of intercity technology, companies must be able to provide more than anti-virus and anti-malware in securing their cyberspace. He further suggests the provision of Mobile Device Management; which is security software securely duplicates data and control to approved mobile operating system. This software is also important in ensuring a work-from-home policy.
- Regularly train employees on how to spot phishing emails. It is important to conduct this training as often as possible because scammers always change their tactics.
- Every work related software should be updated as soon as necessary.
- Provide a good VPN for employees and also establish multi-factor authentications where necessary.
- Change passwords if you have any doubts.
Importantly, employ a skilled in-house IT security personnel or consult with a well reviewed IT security firm.