The COVID-19 outbreak has changed our daily lives and the landscape of our world. With enforced social distancing and self-isolation measures in place many companies have entirely altered the way they are working. While security professionals are advising businesses to protect their brick-and-mortar premises with additional CCTV and patrols of security personnel while closed, cybersecurity experts are instructing them how to safeguard their systems.
Chiefs of information security are facing a new level of risk, previously unencountered. Making the transition from keeping company data safe by securing on premise perimeters to managing the multiple dangers of a workforce suddenly carrying out their designated roles remotely has proved an unprecedented challenge for many firms. Unprepared for a home working scenario, many enterprises have been required to establish new methods on the fly. These rapidly implemented ways of working, while crucial to keep businesses running, are not always the most secure. In many cases staff members are working from home on personal devices and over unsecure connections while accessing and sharing confidential company data.
There has never been a time individuals and businesses have been more dependent on technology, and this has created a new arena for cybercriminals to apply their schemes and strategies to.
A rising tide of cybercrime in a time of crisis
Here in the UK, there have been waves of cyberattacks directed at those working remotely from home during the lockdown. Many people are unfamiliar with the computer systems they must use to carry on performing their roles, and therefore make ideal targets for hackers. Companies are attempting to educate their employees on the new tools but there is still a learning curve that leaves them open to risks.
Cambridge-based cyber defence experts Darktrace observed that the proportion of cybercriminal attacks aimed at remote workers increased exponentially this year, rising from 12% before lockdown to 60% just six weeks into it. Schemes designed to exploit the chaos caused by the COVID-19 pandemic were identified as early as January when the outbreak was beginning to gain traction in international headlines. These cyberattacks have become more sophisticated and have been directly aimed at exploiting anxieties related to coronavirus, in place of the usual ploys for extortion and fraud.
Multiple forms of malicious attacks
The National Cyber Security Centre (NCSC) recently announced that the majority of phishing strategies being employed in the UK at present were COVID-19-related.
At the beginning of May, an extensive email campaign with malicious intent targeted UK businesses, sending company employees to a fake site if they wanted to be furloughed. Other reported attacks have used the tools employed by those working remotely, such as bogus sign-in pages for video conferencing accounts in Zoom, false requests to individuals requesting they reset their VPN (Virtual Private Network) to steal credentials, and intercepting chat messages to infiltrate corporate systems.
Spoofing attacks have also seen an increase under lockdown with emails impersonating trusted sources and colleagues. These malicious emails are now accounting for around 60% of all malicious messaging that adopts spoof tactics, rising from 20% before workers began handling their roles from home. The spoofed emails use a range of schemes, such as financial ruses where employees are requested by a senior executive to donate to a nominated health charity. Other emails are designed to embed malware in company systems and impersonate IT departments and prompt new software downloads.
UK cyber intelligence advisors at the Government Communications Headquarters (GCHQ) have put out a call to individuals and organisations receiving phishing emails. It asks them to report the messages immediately to help its work blocking and removing any malicious sites that have been established online.
Cyberattacks on targets of all sizes
From government funding sites in Germany established to offer aid, to world-renowned architects based in the UK, many prominent organisations and institutions have been hit by high-profile attacks during the coronavirus crisis.
The airline easyJet recently reported a data breach to the Information Commissioner’s Office (ICO) and the NCSC following a cyberattack on its systems, and IT service giant Cognizant has been the target of a ransomware attack, costing the company an excess of $70m.
However, it is not just large enterprises and organisations these attacks are aimed at. Ransomware attacks have also been targeting small-to-medium-sized healthcare facilities, encrypting data, and disrupting essential services in a time of crisis. Unlike larger operations, these facilities often lack a dedicated IT security team, leaving them all the more vulnerable to attacks. With many specialists and healthcare professionals offering advice from home and requiring access to patient data, smaller units will often pay ransoms without even reporting them, hoping to rapidly resume normal services.
Staying secure while working remotely
At Galaxkey, we have developed a comprehensive security platform that can be an ideal asset for companies looking to safeguard their staff and sensitive data, making it ideal for lockdown measures. Our system has been designed to be user-friendly to ensure it is always employed correctly, minimising the chance of human error when employees are unsure of new technology. With a simple drag and drop feature, users can quickly encrypt confidential company data, keeping it safe from cyber criminals.
Our security solution works effectively on a wide range of platforms and is compatible with different devices, so you can deploy it across your entire workforce carrying out their duties remotely during lockdown. Featuring end-to-end encryption it has zero back doors and no passwords are ever stored for maximum security. Whether data is at rest or being transmitted it will always be safe from unauthorised access.
Our platform comes with a selection of features to help your team work remotely with secure email and file sharing options that allow colleagues to collaborate and communicate effectively while staying protected. When you need to maintain social distancing and maintain business continuity, we also offer digital document signing so your firm can stay resilient. Contact our specialist team today for a free 14-day trial of our secure platform, and stay safe.
