The Impact of #COVID19 on Cybersecurity and How Businesses Can Mitigate Risk

Since the beginning of the pandemic, the internet has been a force for good, allowing people to stay connected during periods of extended isolation and bringing business operations online. People have increasingly relied on the internet to work, shop and stay entertained.

But, with this increased use of internet services, the online threats consumers are exposed to have also increased. Online bad actors have taken advantage of the pandemic and are exploiting remote working setups and new digital services. As an increasing number of brands rely on their online operations, what risks do they face, and what mitigating actions can they take to protect themselves and their customers both now and in the future?

Evolving Phishing Tactics

An increasing number of online bad actors have instigated phishing and malware attacks on workers, healthcare facilities and the unemployed. In fact, COVID-19 related phishing emails have recently increased by 600%. In the first quarter of 2020, OpSec Security found that SaaS and webmail sites were the biggest targets of phishing, accounting for more than a third (34%) of all attacks, followed by financial institutions (19%) and the payment sector (13%).

The way that phishing is instigated is also changing, along with the number of occurrences. This has included exploiting concerns about the virus and the desire to keep up with the latest developments to make emails seem more legitimate. For example, some cyber-criminals have been spreading malware by adding text from COVID-19 news stories to phishing emails to bypass security software that uses artificial intelligence (AI) and machine learning (ML) to detect it. Without the protections in place to catch these more sophisticated attacks, businesses and brands are leaving themselves, their customers, and their employees vulnerable.

As a result of these increased attacks, a number of high-profile technology businesses, such as Microsoft, are taking stronger action against cyber-criminals. In 2020, Microsoft’s Digital Crimes Unit (DCU) took down a business email compromise operation in which hackers used COVID-19-related phishing emails to infiltrate customer email accounts, contact lists, and sensitive documents in order to send emails that looked like they came from a trusted source. While this isn’t an approach all businesses are able to take, working with the right partners and bodies and having tools in place to prevent phishing attacks slipping through the net will mitigate the risk posed by this kind of activity.

Educating employees and customers about online security is also a crucial step to preventing cyber-attacks. For example, information can be shared about how they might be targeted and how they can check for authenticity with external communications. As part of this, brands should also outline the proactive steps they are taking to protect their customers. By showing customers that they are front of mind when it comes to security and detailing the brand protection schemes they have in place, brands will be able to build trust and ensure that consumers only have positive interactions with their business. 

Long-Term Preparation

With online bad actors continuing to capitalize on both the fears around the COVID-19 virus and the opportunities presented by the rapid shift into the online world, cybercrime is increasingly becoming a major threat to consumers and brands. Whether it’s promoting fake personal protective equipment, pirated video media or phishing scams, there are now numerous methods that online bad actors are using to attempt to exploit brands and consumers. With lockdowns continuing in early 2021, these threats continue to be at the forefront.

As a result, the onus is now on brands to meet the challenges of the evolving online landscape and acknowledge that the pandemic may have a lasting impact on their internal operations and their customers. Crucial to this will be working closely with experts who can help to identify where the threats are and stop any fraudulent activity at the earliest possible opportunity, helping to maintain the reputation of the business. Doing so will enable organizations to benefit from the opportunities in the online world while mitigating risk and protecting customers.

What’s Hot on Infosecurity Magazine?