With global cybercrime, damages already estimated near $1 trillion in 2019,[1] the threat to businesses and their remote employees surged as lockdowns and social distancing first hit in early 2020. Organizations ranging from enterprise to SMB face enhanced strategic, financial, and regulatory risk from data breaches, while employees are increasingly concerned about home network cybersecurity.
Evolving Cyber Threat Landscape
Throughout 2020, worldwide ransomware attacks increased almost 500%[2] and now frequently include extortion, forcing firms to pay to avoid embarrassing public data leaks. Other trends distinguishing “post-pandemic” cyberattacks from prior years are marked differences in areas below:
Target Scope: Attacks increasingly target real-world critical infrastructure with the potential to cause serious physical harm. A September 2020 attack on a German hospital resulted in the first reported death from ransomware[3], while incidents against US Colonial’s oil pipeline and the JBS meatpacking plant shocked global supply chains.[4]
Widening Threat Vectors: As workers began connecting remotely to corporate networks, formerly sufficient defenses were weakened by co-existence with users' home networks, replete with comparatively insecure smart homes and connected entertainment devices.
Financial Impact: IBM’s “Cost of a Data Breach” report[5] estimates that the average cost of an incident reached $4.24 million in 2021, 10% higher than 2020 and the largest single-year increase in the last seven years.
Sophistication: Discussions with cybersecurity experts highlight a general trend of criminals emphasizing "quality over quantity," improving spearfishing expeditions by carefully targeting their victims, obfuscating the source of the intrusion, and other techniques to circumvent standard security practices.
Criminals have specifically leveraged the pandemic and work at home trends by opportunistically exploiting new vulnerabilities:
- Public uncertainty and fear over COVID-19 itself – 4% of global users report[6] clicking on fraudulent links for contact tracing, government relief/stimulus benefits, vaccine schedules, and home testing kits.
- Lack of cybersecurity savviness - Malware-infected mobile apps disguised as remote work tools and email phishing campaigns impersonating Zoom have tested even tech-savvy employees’ ability to distinguish legitimate sources from fraudulent ones.
- Awareness of potential threats - An October 2020 ransomware campaign targeting 250,000 Zoom users claimed (falsely) that “compromising personal footage” had been recorded of them using publicly known security holes. The hackers extorted ransom from victims before stealing corporate login credentials as the basis for further attacks.[7]
- Dependency on Tech Support - An investigation into July 2020’s infamous Twitter Hack determined[8] attackers used well-scripted “social engineering” to impersonate IT staff by offering to resolve VPN issues. With so many workers outside of their technology comfort zone, experiencing legitimate technical issues and reduced contact with IT colleagues, it is little wonder the FBI noted forms of “tech support fraud” jumped 171% in 2020.[9]
Reflecting increasingly blurred lines between work and home domains, post-pandemic cybersecurity requires shared responsibility between employers and their workforce. As the traditional separation of networks, devices, and appropriate usage erodes, intrusions no longer remain isolated to the initial point of attack -- weak security anywhere risks data everywhere. The fluidity of devices moving freely across networks is why firms are increasingly adopting “Zero Trust” security principles and architecture.
This is an excerpt from Parks Associates library of research and the research report, “Work Transformed: Impact on Communications and Technology Markets.” Social distancing guidelines brought on by the COVID-19 pandemic have caused shifts in where and how people work. This report outlines how different industries have adjusted their work environments and processes to accommodate social distancing guidelines, the technologies that businesses have adopted to accommodate new work processes, and the emerging support needs driven by the adoption of these new technologies.
[1] McAfee Research “The Hidden Costs of Cybercrime”
[2] BitDefender, “2020 Consumer Threat Landscape Report”, published March 2021
[3] Wired ”The Untold Story of a Cyberattack, a Hospital, and a Dying Woman” November 11, 2020
[4] CNBC ”, June 4, 2021
[5] IBM, ”Cost of a Data Breach, Report 2021”
[6] Norton “2021 Annual Threat Report”
[7] BitDefender ”COVID-19, Zoom, and Bedroom Lewdness Make for Sly Tactic” October 28, 2020
[8] Tech Radar ”Stolen VPN Credentials at Heart of Infamous Twitter Hack”, October 19, 2020
[9] Federal Bureau of Investigation, ”2020 Internet Crime Report”, published March 2021
If you enjoyed this article, be sure to subscribe to our newsletter on LinkedIn: https://www.linkedin.com/newsletters/the-connected-consumer-6876368780553990144/