Like the indiscriminate coronavirus, the cyber risks that came with the unexpected shift in day-to-day activities did not discriminate. Sudden changes in routines and unfamiliar – and less formal – working environments, combined with the fear and uncertainty around the evolving virus situation, provided ideal conditions for cybercriminals to take advantage of the situation.
As businesses, employers, and employees, we learnt a lot from what 2020 threw at us to help shape our cybersecurity processes and procedures in 2021.
People are still trying to get it right
The rapid adoption of new technology meant many people had to re-learn the basics of how to stay protected. According to the latest OAIC Notifiable Data Breaches Report, human error accounted for 38 per cent of total data breach notifications from July to December, rising an alarming 18 per cent from the six months prior. This suggests Australian employees fail to recognise and mitigate emerging cyberthreats appearing under remote working conditions—and organisations are failing to act on these shortcomings.
While the introduction of security protocols such as multi-factor authentication and/or virtual private networks can help users stay protected, cybersecurity best-practices must be exercised to extract the greatest value out of these tools. Shockingly, almost half (45%) of human error breaches involved sending personal information to the wrong recipient via email. Other instances such as failing to use the ‘blind carbon copy’ (BCC) could have easily been avoided too.
There is a clear message here that cybersecurity awareness and training must be regularly conducted – whether employees are in the office or working remotely – to improve an organisation’s overall cyber-hygiene.
More attention paid to ransomware
The cyber threat spotlight shone brightly on ransomware in 2020. According to the Sophos 2021 Threat Report, https://www.sophos.com/en-us/labs/security-threat-report.aspx the average ransom payout in Q3 2020 was US$233,817.30 – the result of significant increases each quarter since Q4 2019. The Windows Remote Desktop Protocol (RDP) continued to be the most attractive attack vector, especially given its popularity as a remote access platform during the pandemic.
Not too dissimilar to regular businesses, ransomware attackers vary in their processes and methods have different target markets. Throughout 2020, ransomware families, like Ryuk and Dharma, have differentiated themselves, specialising in particular prey and attack methods.
Everyday threats such as commodity malware have also forced IT teams to remain on high alert. Meant to prod and test entry points, these threats can be easily mistaken as low-level priorities when, in fact, their purpose is to gather essential data to inform the next steps of a larger plan. This is exactly how Ryuk used Buer Loader to deliver its ransomware.
These threats, combined with the cybersecurity challenges of working from home due to widely varying levels of protection, make a deadly cocktail. In many cases, IT teams’ reactions to threats start with detection but end with inaction. IT teams need to treat every alert seriously and respond with a strategy to eliminate the threat entirely.
Adjusting to a COVID reality
2020 also exposed several security vulnerabilities of mainstream apps that exacerbated a culture of distrust and scepticism towards the technology industry.
ZoomBombing, for example, in the early days of the pandemic highlighted the intricacies of user privacy and security settings. The same can be said for the alleged smear campaign of the Houseparty app, which surged in popularity as a way of staying connected with friends and family. These instances indicated it was no longer acceptable to just go with one’s default settings without closely reviewing and understanding the actual implications.
This marked a new reality and a good lesson for everyone to be more vigilant. Our communication channels were bombarded with scams, spam and phishing attempts related to COVID in some capacity. This hasn’t slowed down.
As we progress through 2021, let’s remember what we have learnt in 2020 – sometimes the hard way – and prioritise cybersecurity as a top priority whether returning to the office or continuing to work remotely.