Coronavirus has impacted our lives and businesses in more ways than anyone could have expected. Sure, there are the obvious things, but then there are the many knock-on effects that Coronavirus has inflicted.
One of the biggest unfelt impacts of Coronavirus that no one is talking about, might just be the affect this is having on cybersecurity. Infosec professionals are now braced for what they suspect might be the largest cyberattack in history: an attack they expect could occur within the next 6-9 months.
What’s the relationship?
As is so often the case, it’s useful to turn to historical accounts in order to better navigate our future. Moreover, we can look at the nature of cybercrime itself in order to better understand why we are so vulnerable to attack right now.
A Little Bit About Cyber Security
To understand the risk, it’s useful to first understand a little bit about information security. A big focus of any good information security expert is to reduce what is known as the “attack surface.” The attack surface can be thought of as the number of possible entry points for any potential assaults.
If you were you trying to break into a house, then you would probably focus on all the doors and windows.
If you were trying to break into a network, then you might look at all the devices connected to that network, as well as all the software running on the servers, and even perhaps the security cameras set up in the office.
Every new device or input represents new opportunities for exploitation.
With that in mind, you might already be starting to see the writing on the wall.
How Coronavirus Has Exposed Millions of Organizations
The good news for most organizations, is that their networks have relatively small attack surfaces, and they are able to control a lot of the variables.
Most people traditionally work(ed) within a single office. All the computers in that office connect to a single network, which could even be a wired network.
Even physically accessing these buildings is difficult due to physical security measures.
Companies might then employ additional logical security measures to ensure their networks, devices and data are even more secure: regularly changing passwords for example, or requiring two-factor authentication.
And if a phone call comes in asking for an employee’s date of birth, their tech-savvy colleague sitting next to them has been trained to to hang up.
If an employee was required to work from home, or to work remotely, then they would be given a dedicated work laptop that would have additional security features. Companies that planned for this can keep track of precisely who is working remotely, and they can impose as many security hoops to jump through as they need.
Since Coronavirus, that advantage has been well and truly lost.
The New Normal is The Perfect Storm
In the space of a few days, employees were sent home in droves. These employees worked for organizations that had forewarning of the impending changes, and that were therefore unprepared to adapt accordingly.
In many cases, employees would be asked to continue working from home using their own computers.
Their own computers that they also use to watch pirated movies from Pirate Bay. Their own computers that they have used in countless public WiFi spots. Their own computers that have passwords like “Password.”
Those are also the same computers that house personal email accounts that are ripe for phishing scams. Many of them will be running outdated software, full of vulnerabilities.
And they’re connected to home WiFi networks that are once again significantly less secure. Some won’t even be password protected!
Be honest: how many times do you typically put off your Windows update?
This is essentially the perfect storm for cyber criminals. The attack surface just went through the roof, and none of those new entry points are anywhere near as secure as their older-counterparts.
Cybercriminals are now spoiled for choice.
And there is precedent for this too! It was by targeting remote workers that hackers were able to break into Lockheed Martin: one of America’s largest defense contractors.
A Ticking Time Bomb
It has already started.
In the last few months, hackers have already attacked the US Department of Health and the World Health Organization. Attempts on the latter have more than doubled.
Cyber intelligence firm CYFIRMA has revealed that cyberthreats went up by 600% between February and March this year. That’s quite a jump!
With that in mind, how long will it realistically be before we hear about something colossal?
There are other factors that we haven’t touched on yet, too.
For example: the sheer amount of pressure, stress, and ill-will that has been mounting over the last few months.
Cybercriminals are people just like everyone else. They are motivated by the same things (despite what the media might have us believe). Someone who would never consider hacking a big organization might feel differently once they’ve lost their job and feel betrayed by their government.
There’s a lot of that going around right now!
Add the sheer amount of time people have on their hands. The sheer amount of boredom. The frustration.
These same factors likely contributed at least to some extent to the rioting and looting that we’ve been witnessing. Of course, there were other factors at play here too and very serious, real issues. But it’s very likely that the extent of the response was at least somewhat a reaction to the built-up tension so many people are feeling right now.
What to do With This Information
Terrified?
Don’t be! The best defense for the vast majority of people is anonymity. There is little reason for anyone to attack you unless you are a public figure. Your personal attack surface has also not grown.
That said, you might want to think twice about which companies you share your identifiable data with. And you should certainly be careful when opening any emails from addresses you don’t recognize!
Another way to take action on this, is to think about investing in cyber stocks. Looking once again to history, we see that cyber stocks tend to soar in price whenever there is a high profile cyberattack. Even the high profile Facebook/Cambridge Analytica Scandal in 2018 resulted in a huge boost in cyber stocks. The biggest cybersecurity company saw an increase in value of 25% over the following 6 months!
So yes, while this might all be more than a little bit terrifying, it also represents an amazing opportunity for those that are willing to seize it. And this is the admittedly very slim silver lining that exists for anyone at this time: if you know how, you can turn the significant issues surrounding lockdown and Coronavirus into an opportunity.
And if you’re a business owner? Then now’s the time to start investing heavily in your infosec and to begin properly examining the way that you handle new security risks. Sure, we were all blindsided there just a little. You couldn’t have been expected to be prepared for an event as unpredictable as COVID-19.
BUT, with that said, it’s also true that you have now had plenty of time to adapt. There’s no longer any excuse!
And all this is even more important when you consider the fact that things are very unlikely to “go back to the way they were before”. Employees are likely to be working from home much more from now on. So it’s time to prepare and adapt.