Cyber threats escalate in COVID-19 pandemic
AccountingWEB interviews tech expert Bill Mew on the new threats posed by cybercriminals who are preying on user vulnerabilities during the virus outbreak.
Cybersecurity companies have tracked a spike in coronavirus-related attacks in recent weeks as scammers have targeted remote working systems and imitated official organisations to exploit user weaknesses triggered by the COVID-19 pandemic.
In response to the new guises taken by cybercriminals, Crisis Team CEO and tech industry veteran Bill Mew offered some practical tips on how to tackle these ever-evolving cyber threats.
What changes have you seen in cybercrime relating to the current pandemic?
There aren’t any more cybercriminals than normal. It’s the same bad actors. They’re opportunists and they see the current chaos as an incredible opportunity.
What is the biggest threat to those working remotely?
While the headlines have been filled with vulnerabilities that have been found relating to video conferencing platforms like Zoom, people may not have noticed the significant number of announcements made by other vendors.
For example, last week Microsoft announced fixes for 113 security vulnerabilities in its various Windows operating systems and related software. Those fixes include at least three flaws that are currently being actively exploited, and two others that had been publicly detailed in advance, giving attackers a potential head start in figuring out how to exploit the bugs.
What extra measures are you suggesting businesses and remote workers take?
The first thing to do is ensure that people working from home are updating their anti-virus software and installing the latest patches to fix the vulnerabilities announced by Microsoft and others.
Second, they need to be reminded to be vigilant in spotting phishing attacks.
And third, they need to be told how to set up multi-factor authentication on Office 365 and other systems accessed remotely. These three actions alone will eliminate over 80% of all threats.
Then, if your users are able, ask them to update the software or firmware on their home devices such as their home router. And if they have personal devices as well as work laptops and phones, be disciplined in separating the use of home and work devices for personal and professional activities.
What are the most worrying attacks you have seen in recent weeks?
Of the fixes that came out for Patch Tuesday from Microsoft this week, two of them had been given the most-dire “critical” rating by Microsoft, meaning that malware or miscreants could exploit them remotely to gain complete control over vulnerable computers without any help from users.
These kinds of threats are becoming more common – an alarming trend.
What is the greatest learning point from this issue?
If all we learn from this experience is how to work from home, then we will all have missed the biggest lesson. It is no coincidence that we failed to appreciate the credit risk in 2008 or act in time, or that we failed to appreciate the health risk this January. We tend to ignore risks until it is too late.
We should not forget the concerns detailed earlier about the cyber risk or fail to appreciate that we are more interconnected and therefore vulnerable than we have ever been. The real lesson to learn is about risk awareness and crisis preparedness.
Where should the focus on cyber threats be within businesses and organisations?
In almost all organisations, all senior managers are measured and incentivised on ROI metrics like revenue and profit. So they focus on maximising ROI. The risk managers who sounded the alarm at banks in 2008 and the information security officers currently sounding the alarm on the cyber threats are alone in being measured on ROR (return on risk).
They could spend an infinite amount on risk mitigation but, instead, focus on managing the organisation’s risk appetite and sounding the alarm when this is exceeded.
If organisations don’t change direction and start listening to these alarm calls, then we could emerge from the health pandemic only to be struck by a cyber one!
What is the current situation with insurance claims on cybersecurity breaches?
There is NO room for complacency here. Insurers are currently failing to pay out on business continuity claims relating to the pandemic. Many have also already refused to pay out on recent cyber claims, and I have previously warned that exclusions in current cyber policies are so extensive that insurers could refuse to pay out on any claim for any incident. If you don’t have specific incident response cover then it’s akin to treating patients without protective equipment.
All organisations of all sizes are potential targets. It’s probably not a matter of if you’ll get hit, but when. And since the average breach takes more than six months to detect, it may well already have happened.
Founder and CEO of CrisisTeam.co.uk (SiliconANGLE global Startup of the Week – May 2019), an elite team of experts in incident response, cyber law, reputation management and social influence that help clients minimize the impact of cyber incidents. Previous cloud strategist at UKCloud (the...