INSUBCONTINENT EXCLUSIVE:
The ongoing pandemic has demonstrated how efficient cybercriminals are in exploiting the fear and anxiety that has been generated on a
They do this through social engineering methods and taking advantage of unsecured channels of communication.Businesses have had to adopt a
new way of working with the majority, if not the entirety, of workforces transitioning to working from home
Technology has been embraced on a new level with video-conferencing tools and communication channels adopted as the principal way of sharing
data, not always with the correct security measures in place.So, with VPN networks overloaded and fake news more prolific than ever,
What are the necessary steps that businesses need to employ in order to stay safe when we are all at our most vulnerable, both
professionally and personally?Why is social engineering so effective in a crisis?Social engineering is a method to urge people doing
something in the interest of the attacker, by using different emotional motivators - like a sense of urgency, fear, anxiety or curiosity
And mass media stories are a source for such pretexts
When something is happening, people are looking for new updates, and the attacker can provide such updates in exchange to people doing
something, for example, clicking on a link in an email - activating a malicious script.This has been prevalent during the Covid-19 pandemic
when anxiety has been high on a global scale
People have been forced to work from home and can feel lonely, making them more vulnerable to social engineering
According to the UK cybercrime reporting centre, Action Fraud, March saw a 400% increase in the number of coronavirus scams
These have included numerous phishing campaigns under the guise of respected bodies like the UK Government offering grants, tax rebates or
compensation in exchange for the submission of sensitive data
Most recently, social engineers have taken advantage of the lockdown situation by sending fraudulent text messages supposedly from the UK
Government saying that a penalty needs to be paid for breaching the lockdown restrictions with a link to pay directly to a non-government
website.Cybercriminals love video conferencesWhile many businesses are transferring to remote working to keep in line with lockdown
restrictions, new methods of digital communication are being embraced by companies on a global scale
The adoption of video conferencing has made companies like Zoom a household name
Even Boris Johnson has been using this piece of software to conduct meetings whilst in self-isolation, nearly falling prey to a data breach
himself by accidentally posting a screenshot of a cabinet meeting with the login details visible to all.But how vulnerable are these video
conferencing tools? Often, they require the installation of plugins and executable modules via a link shared in a meeting invite
Also, video-conferencing systems can have critical vulnerabilities that allow attackers to get access to sensitive data, such as grabbing a
For example, in July 2019, such a vulnerability was discovered in the Zoom Video conferencing system
The company has vowed to spend the next 90 days thinking about its privacy and already has upped its security game.Whose responsibility is
awareness level for employees - providing them with validated remote collaboration tools and clear communication instructions on how to deal
with unexpected situations
Employees, in turn, should treat information assets more seriously whilst working remotely, since it is more difficult for them to quickly
Some travel insurances, like InsureandGo, are even waiving compensations for impact during the travel chaos caused by the pandemic.It has
certainly flagged the importance of cybersecurity insurance when it comes to protecting data
In recent years there has been a rise in cybercrime with 4.5 million incidents in England and Wales in 2018
Yet a recent study found that more than 8 in 10 businesses have neglected to take out insurance policies against the impacts of a potential
breach, leaving them increasingly exposed in the current environment.However, with cyber insurance, not everything is clear and still, there
The industry view is that Covid-19 will definitely have an impact on the cyber insurance situation, especially if there is a logical
And this is the challenge - since not all VPN solutions are designed to deal with such a rapid increase in the number of connections and
Simply said, most systems are probably not ready to support all employees working from home.Due care should be taken by employees to
minimise inadvertent sharing of sensitive data
A clean desk policy should be followed
Documents which users are working with should be taken to a minimum
Also, special attention should be paid to keeping all software up to date, all security patches should be installed
Depending on the technology of the IT support team, it could be more difficult to keep updating computers that are connected remotely
Also, the most important step should probably be having an alternative trusted communication channel that can be used to verify the sender
of a critical message.Businesses should be implementing a well-balanced set of practices, including awareness campaigns, training sessions,
checking vulnerabilities in the software, monitoring of systems, proper incident management procedures
The strength and security of each system depend on the weakest link, therefore it is necessary to keep up with everything, gradually
ability to deal with cyber threats
Lessons learnt during this time will certainly help companies to become more mature and deal with more serious threats in future.Andriy
Lysyuk is Head of Cyber Security at Ciklum
