How are cybercriminals exploiting people working from home?
It is a convoluted mix of infrastructural unreadiness and overly susceptible human physiology during the spiraling crisis. Some cybercriminals mostly exploit uncertainty and aptly forge emails or SMSs from state authorities, imposing or demanding certain actions such as sharing confidential data or clicking on a malicious link to infect victims with malware. Others, merely exploit overall lack of security hardening of home, or home-placed computers, and deploy various well-known attacks, ranging from large-scale spear-phishing campaigns to sophisticated BEC targeting C-level executives. Sadly, all these vectors are highly efficient, while breach investigation is hindered by suddenly disorganized IT and security teams trying to adapt themselves to the new reality.
Will video conferencing calls make individuals more vulnerable?
Conference calls do not create additional cybersecurity risk per se, however, expand a wide spectrum of the existing attack scenarios, for example, by sending fake Zoom or WebEx invites.
Will we see new types of phishing and attacks?
From a technical standpoint, there are no substantially new phishing techniques imputable to Covid-19, but merely new vectors such as new reasons to lure victims into clicking on a malicious link for example.
Should the cybersecurity of workers be their own responsibility, or that of their employers?
In light of the spiraling panic, partial shortage of food and medication in some European and US cities, it would be somewhat unreasonable to shift this burden to already overburdened and stressed employees.
What will be the effect on cyber insurance from the current climate?
For the moment, it is virtually impossible to give a long-term forecast, though it would be reasonable to expect a spike in demand for insurance, and a subsequent price increase. Insurance companies will also likely gradually scrutinize incoming claims for coverage, imposing higher standards of requisite cybersecurity. Otherwise, careless or simply unprepared home-based workers will empty their pockets within a few weeks.
What are the best “quick cybersecurity wins” for home workers to implement?
Remaining vigilant is probably the best action the would-be victims can undertake. Corporations should rapidly develop and promulgate a clear, coherent and efficient cybersecurity communication strategy, reminding teams about basic precautions and security policies, including how to report an incident or suspicious activity.
What are the cybersecurity practical tips for anyone working from home?
Double-check authenticity of any incoming messages, emails or phone calls. In case of any doubt, report to your internal security team or police. Be particularly prudent when someone is trying to extract any data from you in emergency, pretending there is no time to convincingly explain the context.
How can businesses improve cybersecurity measures organisation-wide?
Consistent, threat-aware and risk-based cybersecurity policy shall be relentlessly promulgated to employees in an easily-consumable and friendly manner.
How might the current climate affect businesses long term?
Rather than it being a unique opportunity for businesses to tighten up their defences for the long term, it is a challenge that may kill weak and unprepared companies.