There’s no doubt that the COVID-19 pandemic created a paradigm shift within business operations. According to trend reports from Malwarebytes, around 70% of organizations had moved at least 61% of their workforce to a work-from-home model. These requirements yielded an increased use of video conferencing and team collaboration software, and businesses had to find ways to ensure that productivity was remaining steady despite the lack of face-to-face interactions.
On top of the operational changes, the cybersecurity world saw a rise of outside threats that looked to take full advantage of organizations as they scrambled to adapt technologically to the vast changes. Through the pandemic we saw a combination of newer attack strategies in addition to a more vulnerable workforce.
Increased External Threats
Hackers and scammers went above and beyond in terms of their methods and frequency of attacks throughout the pandemic. There were numerous data trends that proved this, however there are three main ones we want to focus on.
The first is how malware was being created and deployed. Deloitte reports state that prior to the pandemic, about 20% of malware that was deployed had never been seen before, and essentially would not be caught or picked up by a user’s antimalware software. During the pandemic, that number rose to 35%, meaning that malware development scaled to high levels and with more diligence to create unique, malicious code.
The second major trend worth noting was the use of an attack known as “credential stuffing.” Within just the first few months of the pandemic, over 500,000 video conferencing software credentials (usernames and passwords) were stolen and sold over the dark web. This had occured because of the credential stuffing technique, in which acquired credentials from one application or service are used by a hacker for another application or service. Much of the success of these attacks stem from the fact that many people reuse passwords across platforms.
The last major trend to evaluate was the prominence of phishing scams during the pandemic. Estimates show that phishing attempts increased over 600% during the pandemic, with credential harvesting phishing attacks being over 11% more successful than pre-COVID. Success of these phishing attacks have two main roots, the first and most obvious is just the volume of attempts that were being deployed by scammers. This tends to be common during major world events that can call for tons of communication traffic within an email inbox. The other cause has to do with the increased rate in which people fall for phishing scams as a result of remote working. This was found in a Deloitte article that states that 47% of individuals fall for a phishing scam while working at home.
To simply summarize the trends about organizational preparedness to the pandemic, most companies were not fully prepared for the security implications of a work-from-home model. Malwarebytes company surveys showed a few startling statistics:
The first is that 44% of organizations did NOT provide updated security awareness training specifically for a remote environment. It’s important to note that nearly 95% of all cyber incidents are negligent related, in which awareness training would be a critical security control. Combine that with a new remote environment that employees aren’t used to, and an updated security awareness training becomes absolutely necessary.
Next is that 45% of organizations did NOT do any type of security or online privacy analysis for the software tools that were needed for collaboration and productivity in a remote work environment. These types of reviews on software products are a key practice for cybersecurity purposes because critical information is processed through the applications, which can create potential security risks.
Lastly, 65% of organizations did NOT deploy new antivirus software for work-issued devices while 61% of organizations did NOT urge employees to use antivirus software if they were using personal devices for work. This is especially important when considering the increased deployment of malware throughout the pandemic.
A major world event such as a pandemic or economic downturn are always going to have consequences to how business operations are run, and where the technology trends end up. As we move into the tail-end of the pandemic and things begin to normalize, it’s important to review the emerging cybersecurity threats and organizational preparedness that we experienced from the COVID-19 pandemic so that we do not repeat past mistakes.