The impact of COVID-19 on the cyber-threat landscape was discussed by a panel during a virtual roundtable session held by Orange Cyberdefense and the UK Cyber Security Association.
Citing Orange’s Security Navigator 2021 report, Charl van der Walt, head of security research at Orange Cyberdefense, began by outlining some unexpected trends in regards to incidents detected in the early stages of the crisis. Comparing two countries that took differing approaches to dealing with COVID-19 infections, in the tightly locked down France, there was a decrease in confirmed cyber-incidents of 18%, whereas in Sweden, where there was a much lighter approach to social distancing taken, the number of incidents remained similar. This “inverse” effect may be explained by the reduction in economic activity in these early months. “There were fewer people busy, connected to the network, fewer computers online and less interaction,” noted van der Walt. Therefore, the predicted surge in attacks did not occur over this time.
However, Lisa Ventura, CEO and founder, Cyber Security Association, said that her organization has observed attacks on SME businesses in the UK rise substantially since the start of COVID-19. From research and conversations with these organizations, “the vast majority have suffered a data breach or cyber-attack and a considerable two-in-five have admitted that they’ve suffered multiple breaches,” she outlined. The types of attack vectors have been varied in nature, including phishing, malware, ransomware and CEO fraud, with COVID-19 frequently used as a theme.
A major factor in this increase is the shift to home working, making organizations particularly vulnerable. Encouragingly though, “with the move to getting everybody working from home quickly last year from a business continuity perspective, we’re seeing more SMEs finally starting to take their cybersecurity posture much more seriously.”
There are parallels between these two apparently competing observations, according to Stuart Reed, UK director of Orange Cyberdefense. He noted that during COVID-19, the “digital attack surface has got wider” which is why SMEs are suffering more breaches. Yet, the tactics employed by cyber-criminals haven’t changed substantially, other than using the theme of COVID-19 in attacks.
Orange Cyberdefense also revealed that, in line with Ventura’s observations, smaller businesses have become increasingly heavily targeted by cyber-criminals, which could be due to having less security resources at their disposal, something that has been especially exposed amid the current situation. “Per employee, we’re seeing more attacks on small organizations than on large organizations,” commented van der Walt, adding that, compared to large organizations, “it’s actually growing faster.”
Ventura reiterated that the pandemic has “brought cybersecurity to the forefront for a lot of these organizations.”
One tactic that has become more prevalent over the past year is ransomware, which has “noticeably” gone up, according to van der Walt. This method has significantly impacted SMEs, whose IT gaps have been exploited by ransomware gangs. Ventura said that in many cases, SMEs have rushed to pay the ransom “rather than deal with those encrypted files and recovering their IT systems, and this in turn created a vicious cycle: the more often those types of attacks succeeded, the more often they occurred.”
As a result, Reed advised that it is always best not to pay a ransom, regardless of the consequences, as it will only worsen the problem over the long term for everyone. “By paying the extortion, there is naturally going to be the incentive to use that mechanism time and again,” he explained.