When the Coronavirus hit earlier this year, it shined a light on existing cybersecurity gaps and created new ones. With most employees working either fully or partially from home, some businesses struggled to maintain security during the transition. Cybercriminals had their pick of weaknesses to exploit due to a lack of user awareness training and new endpoint vulnerabilities. The potential reward seemed even greater with healthcare and life science organizations having highly sought after COVID-19 data. Determined never to let a good crisis get away from them, hackers got to work constructing cyberattacks.
Increase in Cyberattacks
Cyberattacks quickly accelerated when COVID-19 hit earlier this year. Attackers look for data that results in big payouts, so they focused their efforts on industries that will give them the biggest ROI. Hoping to capitalize on the behaviors of unaware users, hackers increased their malware and email campaigns.
Access to financial data and high profile clients makes financial services one of the top targets, seeing a 37% increase in cyberattacks, according to CSO. Healthcare and biotechnology organizations are also among the top targeted industries. Attackers are enticed not only by the access to COVID-19 data but the organization’s dependency on that data, making them more likely to pay a ransom in a ransomware attack.
COVID Themed Phishing Emails
During the first half of 2020, users were inundated with COVID-19 themed emails promising new data on the virus, developments of a vaccine, or access to personal protective equipment. According to Bitdefender’s 2020 Mid-Year Threat Landscape Report, about four out of ten coronavirus-themed emails were spam. Knowing that businesses are heavily reliant on email, attackers sent out large spam campaigns and used phishing tactics to gain sensitive information from users.
In their 100 days of Coronavirus report, Mimecast found that malware increased by 35%. Malware can give attackers access to workstations and even the company network. To infect users, attackers typically send emails with malicious links or attachments. After clicking on a malicious link or downloading an attachment, the users’ workstation becomes infected with malware.
Remote Work and Endpoint Security
Each device that connects to your company network becomes a new endpoint for an attacker to exploit. With distance learning and remote work becoming a part of the new normal, endpoint security has never been more critical. Around 25% of enterprise devices have a critical security application, either inactive, out-of-date, or missing, according to Forbes. Outdated and missing security applications like anti-malware, virtual private networks (VPN), and client management systems present significant cybersecurity risks. These types of vulnerabilities make it easy for attackers to breach your company network.
Planning for the Future
As we draw closer to the end of the year, everyone is wondering what happens next? One thing is for sure, cybercriminals will continue to be opportunists searching for and taking advantage of weak points in your security. Don’t let a data breach be the reason you discover your vulnerabilities. Review and update your cybersecurity policies and systems.
Make sure your cybersecurity strategy includes:
- Implementing an email security platform.
- Investing in a robust vulnerability management program.
- Conducting regular end-user security awareness training.
- Implementing an endpoint security platform e.g., EPP or EDR.
- Investing in comprehensive cybersecurity solutions that include active monitoring and intrusion detection and response.
Ready to increase your cybersecurity posture? Coretelligent’s CoreArmor provides advanced enterprise-class security services for firms of all sizes across many business verticals. Our US-based in-house security analysts proactively monitor your infrastructure 24x7x365. Give us a call at 1-855-841-5888 or contact us today to learn more about our security and compliance solutions.