By Loretta Worters, Vice President, Media Relations, Triple-I
Advanced persistent threat groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic in the coming weeks and months. Weak and stolen passwords, backdoors, application vulnerabilities, malware and insider threats have been among the most common causes of data breaches in the past. But according to a recent Willis Towers Watson report new threats include:
- Phishing, with the substance coronavirus or COVID-1
- Malware distribution, with coronavirus or COVID-19 baits;
- Registration of new domain names containing formulations related to coronavirus or COVID-19; and
- Attacks on newly and often rapidly distributed infrastructure for remote access and teleworking. Ransomware has become a big business for "professional" criminals, crippling both large and small businesses. But small businesses are particularly attractive targets because they have the information that cybercriminals want and they usually lack the security infrastructure of larger companies.
A remote force due to COVID-19 has prompted many organizations to address issues of remote access and the need for multifactor authentication and virtual private networks (VPNs). But others – less cyber-savvy – have left themselves vulnerable to cyber attacks.
In addition, vishing (via phone) and smishing (via SMS or WhatsApp) attacks have also increased in frequency, and in a work from home where colleagues and customers increasingly connect via mobile phones, vulnerability increases, according to a new AON report. Short message attacks will generally try to redirect a victim to a compromised website to harvest user data.
According to a recent survey by the Small Business Administration, 88% of small business owners considered their businesses vulnerable to cyber-attacks – and that was before the pandemic. Still, many companies can not afford professional IT solutions, have limited time to engage in cyber security or do not know where to start. Tips to Improve Cyber Security and Prevent Hacking:
- Understand Your Cyber Risks . Companies are vulnerable to cyber attacks through hacking, phishing, malware and other methods.
- Train staff . Those who carry out cyber attacks find a starting point for a company's system and network. A company's exposure can be reduced by having and enforcing a password policy for its employees.
- Keep the software up to date . Companies should routinely check and upgrade the most important software they use.
- Create backed up files and store outside the site. A company's files should be backed up either as an external hard drive or on a separate cloud account. Taking these steps is crucial for data recovery and ransomware prevention. Ransomware is when a cyberattack results in a situation where a company is asked to pay a fee to regain access to its own data.