The coronavirus has impacted businesses and the lives of many around the world.
As the pandemic intensifies, cybercriminals are using this time to take advantage of vulnerable users. The number of cyber attackers, whether they are using phishing attacks, hacking or other malicious attacks, is increasing in organisations and they are now using the pandemic to further deploy such attacks.
With companies making use of increased mediums of technology to conduct work-related activities, the emphasis on cybersecurity has intensified. However, while there may be a number of security measures in place, the end-user will always remain the most vulnerable target. Creating a culture of cybersecurity awareness is therefore a key component to help combat cyber threats and attacks on organisations.
As the deadly pandemic intensifies and as we navigate the challenges that are presented, many of us are settling into working from home as the new normal. The new way of working has posed many difficulties such as maintaining calm and focus; balancing non-work-related priorities such as child care and family life; getting used to a new working office space; and of course the struggle to avoid the food and snack cupboard. These are the challenges we face and the compromises we make, but what we cannot compromise in this time is information security.
More than 100 000 new web domains have been created during the COVID-19 pandemic. (See https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/ for up-to-date statistics.)
The cost of security threats affecting organisations can be significant if not managed adequately. Cyber attackers are lurking and taking advantage of people working from home. Generally, a network set-up from home will not include the same security measures found in a corporate environment. Organisations have not distributed suitable technologies or even security policies to ensure that all organisation-owned technologies − including organisation-owned devices − have the same security measures in place. This includes the use of enterprise or Wi-Fi networks.
Organisations need to understand the IT security threats faced by their IT environment and ensure that these are adequately addressed. IT security awareness programmes must be planned, implemented, maintained and communicated to employees. Employers need to set up clear and concise security communication to employees with the focus on educating end-users about these threats.
The COVID-19 pandemic has seen a significant increase in phishing emails, a common threat that has intensified in this time. Phishing attacks are highly targeted emails designed to induce the recipient into divulging passwords, providing bank account information, or using malware to directly cause financial losses. Cybercriminals are using fake email addresses that pretend to be from a legit source asking for valuable information. The following are warning signs of phishing emails:
|Non-personalised greeting||A phishing email will generally start with ‘Dear User’ rather than your name|
|Urgent/threatening language||Phishing emails often have an urgent or threatening tone.Common phrases seen are: ‘Your account will be terminated’, ‘Your urgent response is required’, etc|
|URLs do not match and are not secure||A phishing email will always contain a link or an attachment|
|Poor grammar and/or misspellings||Phishing emails often contain spelling errors|
|The subject matter does not relate||Phishing emails generally contain subject matter that does not relate to you. An example would be banking information required for a bank you are not banking with|
|Request for personal information||Phishing emails mostly request personal information such as information about the organisation, your address, account number, cell number, etc|
Employees can implement the following measures to protect their data and networks:
Organisations can protect their data and networks in the following ways:
Awareness is one step closer to preventing these attacks on organisations in the first place. After all, prevention is better than cure.
AUTHOR │ Pranisha Rama CA(SA), Senior Lecturer in Auditing at the University of Johannesburg