In a study by ESG and ISSA, 20 percent of the surveyed cybersecurity professionals reported a significant increase in cyberattack incidents related to the COVID-19 pandemic. In response to the increasing volume of cyberattacks, many organizations have amplified cybersecurity and reconfigured their security controls.
Common pandemic-related threats
Cybercriminals continue to take advantage of the chaos, panic and destabilization caused by the COVID-19 crisis to perpetrate their heinous acts. Just over a month after the outbreak was declared a global pandemic, WHO reported a surge in cyberattack attempts targeting healthcare workers and the general public.
Here are some of the common threats greatly escalated by the pandemic:
COVID-19-related phishing attacks went up 667 percent between February and March. A majority of these were scam emails and brand impersonations done through fake websites and compromised business emails.
Malware and ransomware
Numerous malicious software applications have debuted during the pandemic. They include banking, mobile, crypto-mining and phishing-related malware.
WFH device attacks
Due to movement restrictions, many institutions have resorted to frantically putting together remote working infrastructures to enable their staff to work from home. Allowing employees to access corporate networks and online resources remotely through their personal devices may create exploitable security loopholes. In fact, many businesses have amplified cybersecurity in terms of network security and round-the-clock traffic monitoring to reduce the inherent risks of remote working.
Addressing cybersecurity during and after a pandemic
The ongoing pandemic has truly tested businesses’ resilience, agility and ability to counter rampant security threats. A post-pandemic world may still be riddled with serious threats as businesses and communities come to terms with the new norm.
Now is the time to rethink your entire cybersecurity strategy not only to make it through the crisis but to future-proof your company against the next global or internal turmoil. Draw from the lesson learned during the COVID-19 crisis to prepare your business for the unexpected. Doing so will ensure business continuity and preserve your brand’s reputation during difficult times.
Implement new tactics
Besides structuring an amplified cybersecurity framework, it’s also essential to unlearn old ways and adopt new strategies. Remember, effective cybersecurity protocols rely on incremental improvements.
One of the greatest challenges during the crisis is getting employees to collaborate remotely on a secure platform. You must revamp your network and end-to-end security to guarantee data and user protection in a remote working environment.
This is just one example of the additional techniques you can apply to your defense plan. You can also look into multi-factor authentication, email screening tools and dedicated anti-malware to fend off social engineering threats targeted at work-from-home devices.
Restructure your organization’s leadership
Assign clear leadership roles to your CISO and other members of the IT security team. Define security practices and responsibilities to ensure there are clear procedures to follow during a crisis. Senior-level security executives should focus on protecting the organization’s digital infrastructure without disrupting critical business operations. There is always a need for authoritative leadership when it comes to risk and crisis management.
Train employees in cybersecurity
Employees are usually the prime targets for scam emails, malicious vectors and brute force end user device attacks. Although employees are your first line of defense, the human element is the weakest link in any cybersecurity system.
Supplement your amplified cybersecurity measures by sensitizing your staff on best practices. Explain the need to observe security protocols and instill a sense of security accountability within each employee. Make them aware of the severity of potential threats and how to identify and protect the company against imminent attacks. Crucially, teach your staff to avert social engineering attacks and avoid making careless mistakes that could jeopardize security.
Risk mitigation, especially during and after a crisis, calls for a collective company-wide effort. More importantly, you have to reassess your threat awareness and preparedness and explore new ways to tackle emerging challenges. Reach out to us today to gain amplified cybersecurity and protect your business and remote workforce.