How the Pandemic and Remote Work are Increasing Cyberattacks
April 6, 2021
Cyberattacks are on the rise, and businesses are scrambling to determine how they can keep their data and their employees safe from a security breach.
David Aplin Group recently hosted an online webinar in partnership with Dentons LLP and Everbridge. The webinar, Crisis Management, IT Disruptions and Business Continuity: The Big Picture, was a panel discussion facilitated by Jeff Aplin, CEO at David Aplin Group. The webinar delivered cybersecurity insights from two thought leaders: Kelly Osaka, Litigation & Privacy Lawyer at Dentons LLP, and Prashant Darisi, General Manager & Vice President at Everbridge.
An alarming statistic that Darisi shared was that 69% of companies from 2018 to 2020 experienced a cyberattack and paid a ransom to regain access to their data. And an additional 2% had to issue multiple payments, while 22% never regained access. The pandemic has resulted in a sharp increase in cyberattacks, and the sectors targeted the most during COVID-19 include:
- Government and Administration (always a prime target)
- Pharmaceutical and Health
- Logistics and Transportation
- Finance and Insurance
The Cyber Threat Landscape
When COVID-19 suddenly forced millions of professionals out of the office into a work-from-home environment, businesses recognized the increased exposure to risk and the necessity of focusing on cybersecurity. A recent study published by Deloitte noted that “prior to the pandemic, about 20% of cyberattacks used previously unseen malware or methods. During the pandemic, the proportion has risen to 35%.”
The four most common types of cyberattacks companies face are:
- Denial-of-service (DoS) attacks
- Malware/ransomware attacks
- Password attacks
- Phishing attacks
The most common ransomware attack consists of a nefarious cyber actor stealing information in hopes of receiving payment to release your data back to you. Otherwise, they sell your data to third parties or use it to their competitive advantage. It’s important to note that malware or DoS attacks mean that the attackers have likely been inside your network for weeks or even months, monitoring your systems. Cyberattacks have become much more sophisticated, using machine learning and other techniques to avoid detection for longer periods.
Statistics indicate that 47% of individuals working from home have fallen for a phishing scam. The cost to your business can be high. Darisi advised during the webinar that the average cost of downtime during a cyberattack is $8,600 per minute, and this does not include damages to brand and reputation or legal expenses and ransom payments. Here are some relevant factors of remote work that could potentially expose your business to cyber breaches.
In light of the pandemic shifting employees out of the office, many companies have shut down their locations to purchase new tools and technologies to enhance collaboration. But these new remote environments and tools are driving an uptick in cybersecurity risk and breaches.
At the beginning of quarantine, many employees relied on personal devices during the work-from-home transition. When employees are offsite using their own devices, accessing corporate data and information, the corporate level of cybersecurity does not exist. Personal laptops, phones or computers don’t have enterprise prevention and detection measures in place, putting the company’s data at risk. There is no guarantee of installed and updated antiviruses or properly encrypted Wi-Fi networks. Traditionally, home internet networks can be easier to hack.
Video conferencing has become the new norm for daily meetings. Big players, such as Zoom, were targeted and successfully breached back in 2020. Not only were there numerous Zoom phishing scams attempting to steal login information, but there were also uninvited users “zoom-bombing” private video conferences. Then, over half a million Zoom accounts were compromised and sold on hacker forums.
Human error has always been a significant contributor to cyberattacks, where employees negligently or accidentally share data with hackers posing as clients or employees. But the pandemic has taken a toll on employee mental health. The stress of the virus, being trapped in quarantine, working from home while simultaneously homeschooling children, has led to increased distraction and even burnout. When employees are distracted, mistakes will inevitably happen.
Various technologies and tools enable collaboration and communication between teams, but they also blur the line between work and home. This puts pressure on employees to be available for IMs, video calls and emails at all times. Stressed and siloed employees are more likely to fall victim to a scam or cyberattack.
Reducing Cyber Risk Exposure
Taking steps to prevent a cyberattack is crucial not only for protecting your business but also for meeting legal obligations. In Canada, any company under review by the Office of the Privacy Commissioner (OPC) is legally required to demonstrate how the event was detected, what steps were taken to constrain it, and what measures were put in place for future prevention. These are some primary cybersecurity strategies that businesses should practice.
- Employee Awareness and Training. Keep your staff informed about the procedures in place to report phishing scams, the best practices for email vigilance, and how to access company information safely. Consider providing cybersecurity training for all employees and incorporating it into your onboarding process.
- Company Equipment. Connect your employees using a VPN. Though not the only method of protection, VPNs (virtual private networks) act as barriers, helping to layer protection for internet users at home. Avoid allowing personal devices, if possible.
- Review your IT systems. Check your IT infrastructures for any vulnerabilities or weak spots and patch them up immediately. Continue to monitor and evaluate your systems regularly.
- Detection Software. Companies like Everbridge provide enterprise software applications designed to automate and accelerate response to critical events. Your goal with implementing software is to reduce your time to detect an attack.
There are many detection tools available, but the critical thing is to ensure all platforms and systems work together. A flexible integration ecosystem will allow you to handle the attack most efficiently. Nearing the end of the webinar, Darisi outlined the ideal procedure for handling cyber breaches, called the DRIFT process: Detect, Rally & Respond, Investigate, Fix and Test.
If your company hasn’t prioritized cybersecurity, the time to do so is now. The question is not if a cyberattack will happen to you, but when. Protect your business, maintain productivity, and implement policies to detect and prevent cyberattacks.