â€“ to help protect against these threats, businesses must first understand their remote working risks using tools such as Aonâ€™s CyQu assessment
Opinion by Zamani Ngidi, Cyber Solutions Client Manager at Aon South Africa
The COVID-19 induced shift to remote working has provided a golden opportunity for cybercriminals to target one of a business’ biggest cyber vulnerabilities â€“ the workforce. According to a recent Mimecast report, ‘100 Days of Coronavirus (Covid-19)’ there has been a 35.16% increase in malware detections, in addition to a dramatic increase in spam (26.3%), impersonations (30.3%) and unsafe URL clicks (55.8%).
Businesses no longer have the luxury of traditional defensive and office-based security models, and with such a drastic transformation in how workers operate remotely, the cyber risks have increased significantly. In order to manage this risk, it is imperative to first understand it.
Fertile soil for growing a new scam
Since the onset of COVID-19 hackers have been working to use the situation to their benefit. In the same way that the offline world has seen telephone scams from people selling anything from fake virus tests,Â through to impersonating police officers and threatening fines for not following social distancing measures, the online world has been just as creative. Advance Persistent Threat (APT) groups and other cybercriminals have continuously targeted individuals, businesses and charities alike with COVID-19 related scams and phishing emails.
Typical examples include phishing emails tailored around news announcements from governmental or health organisations like the case study of the World Health Organisation which attempt to lure users to a malicious website to provide confidential details. The UK’s National Cyber Security Centre recently warned of email distributed malware which purports to be from Dr Tedros Adhanom Ghebreyesus, Director-General of the World Health Organisation (WHO) but is, in reality, the Agent Tesla keylogger malware.
The test and trace regime in place in many countries is also likely to see a wave of phishing attempts with hackers disguising their emails under the banner of the government’s push to contact all those who have been in contact with someone infected with the coronavirus. It’s not just emails that are vulnerable either, criminals are also targeting voice calls (vishing) or SMS (smishing) to get hold of an individual’s credentials or other sensitive information.
The attacks can be highly targeted, leveraging social media and public information to make their attack techniques as realistic as possible. Specifically, they can utilise the public information shared by companies about their remote working response to the pandemic and use this as ammunition in attempting to attack the workforce.
Held to ransom
If a remote worker falls victim to a phishing email and clicks on a link, the consequences for the business can be significant, with malware â€“ and in some cases, a form of ransomware â€“ downloaded into an organisation’s IT systems and possibly causing major IT downtime and business disruption loss of data or critical information. Ransomware cost businesses globally over GBÂ£5 billion in ransom demands alone in 2019 and COVID-19 is likely to inflate that figure further in 2020. It is easy to see how such an attack can unfold in the fictionalised scenario belowâ€¦
The remote worker â€“ held to ransom
Friday â€“ initial compromise
Monday â€“ the attack remains undetected
Tuesday â€“ the attack is escalated and identified
Next Monday - remediation
New tech: new problems
No business wants to fall victim to an attack like the one described above, but the problem for many organisations is that once COVID-19 hit, they were simply unprepared to move to a majority remote workforce operating model in such a short space of time. Many companies who have invested in securing their technologies appropriately turned to new services that could be vulnerable to hackers out of necessity. This trend has been picked up by the NCSC, who mentions the use of communications platforms where “malicious cyber actors are hijacking online meetings that are not secured with passwords or that use unpatched software.” Of course, it’s important to balance cyber risk with keeping operations running â€“ and employees in work â€“ however appropriate safeguarding and due diligence for any major business tool is still required to protect the company.
Even where businesses are investing in a robust programme of cybersecurity and associated technologies, it is only ever as good as the people using the system. Many South Africans lack the basic cybersecurity training needed to spot a cyber-attack, meaning they are more likely to fall victim to an attack, particularly when they’re not working from their usual office environment.
Undertake a CyQu assessment
Despite the increased threats posed by the significant uptake of remote working, there are a number of steps that businesses can take to help minimise the risk. Understanding where the weaknesses are is the right place to start. Aon’s Cyber Quotient Evaluation (CyQu) is an online self- assessment which can provide insight of an organisation’s cyber maturity and the reported areas identified as posing the greatest risk in less than 90 minutes*.
To help organisations deal with the remote working threat, a ninth security domain specifically focussed on this area has been added to CyQu in addition to other critical cybersecurity domains such as network security, data security, and business resilience. By undertaking an online self- assessment, businesses are provided with a report identifying key findings and prioritised quick wins to help improve security maturity, as well as calculating a benchmark against industry peers to help an organisation to understand how it compares with others.
Changing threats demand a changing approach to security
The cybersecurity threats continue to change as businesses adopt new ways of working and new technology. Whilst the pandemic may have accelerated the pace of change for digital transformation initiatives and remote working enablement, businesses should ensure they review the relative cyber risk to their operations and understand that systems which may have been secure before, may now be vulnerable due to the change in operations.
Assessing where those risks are will help enable businesses to prepare and mitigate these emerging threats. Through understanding their cyber risk, organisations can work to prevent it and put in place additional protection such as the use of cyber insurance to help minimise the operational and financial consequences of an attack; critical at a time when a data breach or ransomware incident could significantly detract from an organisation’s ability to come through the pandemic intact.
Find out more about how Aon’s Cyber Quotient Evaluation (CyQu) online assessment tool can help your organisation counter the additional threat from remote working.
*Completion time will vary by user/industry and the complexity of your organisation.