cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cyber Risks Are Rising as a Result of the Pandemic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cyber Risks Are Rising as a Result of the Pandemic

Re: Cyber Risks Are Rising as a Result of the Pandemic

Community Manager

guy-telework.jpg

The rush to set up employees to work from home as a result of the COVID-19 outbreak has increased data protection and privacy risks, according to 87% of IT leaders who participated in a recent poll.

 

However, only about half of respondents (51%) say they are “highly confident” in their organizations’ ability to address cyber threats during the pandemic, according to the poll of 3,700 IT professionals by ISACA. At the same time, the study found, 58% of respondents believe threat actors will take advantage of the pandemic to disrupt organizations, while 92% say threat actors will step up attacks on individuals.

 

The results are in line with those of a survey conducted by (ISC)2, which found that among those respondents who say security incidents have already increased (23%), some have seen incidents surge by as much as 100%. Other studies also indicate cyber threats are on the rise as cybercriminals try to exploit new work-from-home (WFH) practices necessitated by the pandemic.

 

Growing Risks

The ISACA study surveyed about 3,700 IT audit, risk, governance and cybersecurity professionals from 123 countries in mid-April with the goal of assessing the impact of COVID-19 on their organizations and jobs.

 

The study reveals that 60% of enterprises recognize that threat actors are exploiting the COVID-19 crisis to target their systems and employees. And although 80% of organizations shared best practices with WFH employees so they could avoid cyber threats, 87% still feel the rapid transition has increased risks.

 

The new WFH practices caught many companies by surprise, and some didn’t even have enough equipment to set up all their workers in remote environments. As organizations look for solutions, in some cases they may be increasing their exposure to cyber risks.

 

View From the Trenches

On May 19, (ISC)2 will host a follow up to its popular COVID-19 webinar from April 28. Titled “Continuing the Conversation: What We’ve Learned From the COVID-19 Outbreak” the webinar will be devoted to the economic impact (budgets slashed with no revenue coming in) of the shutdown caused by COVID-19. In addition, discussion will focus on what re-opening an office may look like and how the current situation affects individuals both physically and emotionally. You can register for this webinar at: https://www.isc2.org/en/News-and-Events/Webinars/ThinkTank?commid=407646

1 Comment
Contributor I

This risk is also at the nation state level as stated in a ZDNet article By Danny PalmerMay 5, 2020, Security warning: State-backed hackers are trying to steal coronavirus research "State-backed hacking groups are targeting healthcare and other organisations involved in national and international responses to the coronavirus pandemic, the UK's National Cyber Security Centre (NCSC) and the US Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have warned."

 

RDP attacks have gone up as noted by By  Catalin Cimpanu for Zero Day in his April 29, 2020, ZDNet article Kaspersky: RDP brute-force attacks have gone up since start of COVID-19 

 

Then you have attacks from "PPE phishing scams to ransomware to hospital supply chain risks, hackers and scammers are seizing on the chaos of the coronavirus crisis."  noted in an article by Nathan Eddy, April 08, 2020, in Healthcare IT News, Cyberattacks continue to mount during COVID-19 pandemic 

 

This FBI Public Service Announcement from the FBI's Internet Crime Complaint Center is very good and still relevant and it covers considerations that I think all of us cybersecurity professionals need to keep in mind - refer to CYBER ACTORS TAKE ADVANTAGE OF COVID-19 PANDEMIC TO EXPLOIT INCREASED USE OF VIRTUAL ENVIRONMENTS 

 

This is a key point made in this announcement for those of us who are educators "Today's rapid incorporation of education technology (edtech) and online learning could have privacy and safety implications if students' online activity is not closely monitored."