Cybersecurity Threats During Covid-19
Humans are considered to be the most vulnerable link in cybersecurity. The COVID 19 is the pandemic caused by a virus in humans and already more than 1 crore people are affected by this pandemic by October 2020. The cybersecurity threats have increased during this situation as the companies have adopted the new normal that is work from home in which people lack the knowledge to protect their systems from cyberattacks.
Some of the cybersecurity threats are lack of awareness which causes vishing and social engineering to circumvent the existing processes. There is a lack of applying patches to the obsolete and vulnerable configurations and the new normal of working from home has put the burden on trust, data security, and cybersecurity.
Usually, in the office we have security such as LAN being protected, virus definitions were updated periodically and the internet was protected with Firewall, IDS/IPS, and a host of other features. Suddenly in this COVID 19 situation people who work from home offer a lot of vulnerabilities and threats that are not secured such as phishing, targeted attacks, Ransomware, and malware, etc.
Possible cybersecurity threats during the Covid-19
The cybercrimes in the era of COVID 19 have cost globally $114.4 million as of August 2020 due to fraud alone. The fraud cases are around 172,000 globally during the pandemic. According to one estimate, global crime would rise to $6 trillion by the year 2021. Due to COVID 19, the businesses were disrupted and offered new cases of cybersecurity threats by hackers and fraudsters.
There are already cases such as Ransomware that made Honda shut down the operations in the US. The recent data breach affected 500,000 Zoom users. As the hackers are opportunists, they target the most collaborating platforms around the world which are used extensively by home offices, hospitals, and schools for meeting and training purposes. Phishing and Vishing have increased significantly and also contribute to smishing or SMSishing, in which the hackers send phishing messages through SMS text.
Some of the methods that hackers use are to exploit the new vulnerabilities during the new normal of the pandemic scenario.
- Information-stealing scams – They steal money and information by putting the fake website that imitated the actual government website on the COVID 19 information steals credentials.
- Ransomware and Malware attacks – During the new normal of COVID 19 work from home many lack the latest virus definition, anti-malware software, HIPS, have admin privileges, and no firewall on the wireless and cables/fiber networks. This has caused an increase in Ransomware and malware attacking the laptops and desktops of office people and school students.
- Work-from-home vulnerabilities – Again there are weak links in the network of the office people working from home. Several videoconferencing links and passwords have been hacked and hackers can access the company network.
- Fake products – During the COVID 19 the hackers have increased their activities on the web and sell fake products such as masks, sanitizers and extract money from genuine buyers and without selling any of the products.
- Malicious domains – The Coronavirus, COVID 19 keywords are increasingly used on the internet today, the cybercriminals are creating fake websites to create spam campaigns and introduce malware in the systems to those who are visiting these websites.
- Mobile Vulnerabilities – The increase in mobile or cell phone or smartphone usage with no security for the privacy of data and personal data has caused many breaches during the COVID 19 situation. Hackers are making every attempt to steal data such as card information, personal information, and other cases such as phone numbers; photos, etc, and sell them on the dark web.
- Unknown applications – There has been a recent surge in the applications causing privacy issues to the users by capturing their phone contacts, card information, and other private information.
Tip to overcome cybersecurity threats and cyberattacks during Covid-19 pandemic
Unknown links – First thing to do is to avoid clicking on unknown links in the spam and phishing emails as well as in SMS and WhatsApp etc. These links may seem original but they are not they must be avoided and trust only genuine emails or SMS. These unknown links may direct you to unknown websites which are malicious or make you download the malware in your systems
Firewall – Always enable the windows defender firewall and do not disable it at any cost. Also, ensure you have blacklisted the unwanted categories. A firewall will ensure undesired traffic from and into the system is blocked.
Anti-Virus and Anti-Malware – Always ensure you have anti-malware software installed in your system to prevent malware, virus, Trojans, worms, rootkits, spyware, and botnets, etc. Have the anti-malware updated with the latest definitions? Periodically schedule anti-malware scans on your system to quarantine the malicious software.
Latest Patches – You might be working from home, as soon as you connect to the office network ensure that you apply the latest bug fixes and security patches on your system. These patches ensure that the existing vulnerabilities are fixed and closed.
Phishing emails – Due to the COVID 19 pandemic the hackers are using advanced techniques to capture private and personal information through phishing emails for the sake of money. Always ensure you do not click the malicious links in the emails and do the financial transaction safely.
Mobile Security – Smartphones provide a lot of benefits such as video conferencing, web browsing and surfing, SMS, WhatsApp chatting and audio-video calls, etc. However, remember to safeguard the smartphone with security software available in the play store. There free security software that prevents your phone from spyware and other malware from being installed on your phone. Have phone locks with dual authentication for all the critical applications such as banking etc.
Avoid unknown applications – Do not download unknown applications on your phone from the play store which requires your personal information and credit/debit card transactions. They may be fake and exploit you by allowing you to share your credentials.
Authentication – Always have dual authentication on your phone or laptops or your computers even for the applications. The banking applications must have multi-factor authentication to ensure that your applications are not hacked. Have app locks in mobile applications if needed.
Do not share credentials – User name and password must not be written anywhere on the computers or in the paper, remembering your user name and password is the only option. Ensure you do not share credentials with anyone even if they are very close to you. Have a complex password and follow a stringent password policy.
Training and Awareness – Ensure you are always aware of your surroundings and follow the necessary cybersecurity tips described above. Personally, I suggest you take cybersecurity training from Great Learning in collaboration with the Stanford center for professional development.
Unknown SMS links – In COVID 19 era there are updates that we have found that there unknown SMS and unknown links in the SMS that directs you to fraudulent websites and ask for your personal information and credentials. This type of phishing as we have discussed is called smishing or SMSishing. Be secure and know where the SMS has come from.
Wireless security – You need wireless for your smartphone as well as for your computer. Ensure that the wireless is protected with a complex password and there are no Hotspots in your smartphone which is on when not required. Do not connect to the public internet unless it is encrypted and protected with a password.
Collaborative tools – Do not sign in to any web collaborative tools which are not from genuine members. Confirm the suitability and security of the video conferencing modes. Do not reveal confidential information on the videoconferencing collaborative tools. Avoid sharing passwords or credentials in the meeting rooms, as you never know who are all have connected to the collaborative tools on the other side.
Malicious websites – Hackers are increasingly intelligent and use advanced techniques in doing malicious things. It is estimated that during COVID 19 there are 100,000 malicious websites on the internet. Unless sure do not browse through any malicious websites in the new normal.
Backup – Always remember that the important information in the cloud, computers, and the phone are backed up and archived so that the critical information is available when required.
Now that you know the security threats and also overcoming these threats using the tips which I have mentioned above to safeguard your information during the COVID 19. As we have said at the beginning of this article the weakest links in cybersecurity are humans so encouraging them to be aware of security practices is a must! You can take help from cybersecurity courses to enrich your knowledge in this domain and be a valuable asset to your organization.