Cybersecurity and COVID-19: Responding to Increased Risks

The coronavirus crisis has changed the way companies of all sizes serve, protect, and connect with their consumers and employees. In addition to keeping people safe, the C-suite is managing two other top priorities:

  1. Safeguarding their organizations against new threats
  2. Maintaining business as usual during this unusual time.

Stretched Security Limits and Increased Exposure

With millions of employees and students logging on to work and learn, the digital doors to potential cyberattacks have swung wide open. With more people using company-issued devices, videoconferencing, and other collaboration tools, technology executives and IT departments have pivoted from their normal activities to set up and oversee remote workforces, virtually overnight.

Then there are the
vulnerabilities of established cybersecurity challenges, such as employees
opting not to use VPN software, downloading consumer-facing networks, and
engaging in other behaviors to maximize their data and system experiences that
could pose security risks.

Once people sign off from
their work from home responsibilities, they are again turning to the internet
to shop, socialize, and stream entertainment, presenting additional and
increased security concerns, such as phishing and malware.

Systems Under Attack

In recent weeks, the
videoconferencing platform, Zoom, experienced “Zoom Booming,” a new type of
trolling that takes place when uninvited callers disrupt video meetings. The
practice creates a space where bad actors enter public calls to collect
information for intelligence gathering.

Also, just last month,
General Electric filed a data breach notice in California after one of its
partners, Canon Business Process Services, which handles human resources
related documents, was compromised. The breach exposed marriage, death and
divorce certificates, as well as beneficiary information and passports.

Healthcare and Health-Related
Scams are Rising

In early March, reports
revealed that elite hackers attempted to break into the World Health
Organization, as attack attempts on the agency along with its partners, spiked
amid its fight to get the virus under control. Hackers even activated a
malicious site that mimicked the WHO’s internal email system in an attempt to
steal the passwords of multiple agency staff members. On a similar front, the U.S. Department of
Health and Human Services also found itself on the defense from an attack.

During these unprecedented
and uncertain times, scammers are leveraging the COVID-19 pandemic to advance
their schemes with everything from sending fake CDC emails and targeting
vaccine facilities with ransomware to selling counterfeit treatments and
equipment.

Perhaps the most startling
statistic in this space so far: About 2,000 coronavirus-themed websites are
popping up daily, and most are malicious, according to Alexander Urbelis, a
cybersecurity expert and attorney with the Blackstone Law Group which tracks
suspicious internet domain registration activity.

Sought after on the dark web,
medical data and all of the PPI (personally identifiable information) it
contains, such as Social Security numbers and financial data, is a hot
commodity.

Servicing Users, Securing
Systems and Savvy Hackers

In this evolving and challenging
environment, the bandwidth of corporate IT departments and other entities alike
is being tested and divided between handling increased activities such as managing
critical security patches, policing the downloading of unauthorized apps onto
company devices, and a host of other security requirements and
concerns—potentially taking their attention away from monitoring malicious
activity.

Preparation During the
Pandemic

The increased COVID-19 IT security threat is real and will linger long after normal business operations resume.

To protect their networks,
companies, and customers, cybersecurity teams should prepare and stand ready to
respond in the event of a security breach. In these dynamic times, Experian’s
Global Data Breach team remains fully operational and committed now more than
ever, to protect our partners against cyberthreats and attacks.

To learn more about our Data Breach Resolution and Reserved Response products, contact your EPS sales representative today.

Leave a Reply

Your email address will not be published.