We continue with the second part of this article in which we analyse the current situation in its three dimensions. Let’s remember that in the first part of the post we talked about the first dimension: people. Now we will develop the other two: cybersecurity and the pandemic.
Second Dimension: Cybersecurity
Weird enough, it could be said that everything has already been hacked. If you don’t believe me, I invite you to check our cybersecurity research reports or visit the computer graphics from Information is Beautiful.
The latest DBIR 2020 report indicated that “times do not change”, since credential theft, social engineering attacks (phishing and email compromise) and human errors caused most of the security breaches in 2019 (67%). Employees working from home today could be particularly vulnerable to these attacks, so this is where we should focus prevention efforts.
I will also add a couple of additional facts: on the one hand, three years ago there was a cyberattack every 39 seconds; on the other hand, Cybersecurity Ventures predicts that cybercrime damage will cost the world $6 trillion in 2021, compared to $3 trillion in 2015.
Why is cybercrime so popular nowadays? Because it moves a lot of money. The cybercriminals are most likely earning much more than the owner of a successful, profitable company. Here are some figures taken from Digital Shadows’ research:
- Illegal online markets: $860 billion
- Trade secret, intellectual property theft: $500 billion
- Data trade: $160 billion
- Crimeware / Cybercrime-as-a-Service (CaaS): $1.6 billion
- Ransomware: $1 billion
Regarding cybercriminals, the age range has become wider and their attacks more advanced. I would dare to say that most cybercriminals are millenials and behave as their generation dictates: they want quick results using the minimum of resources, effort and time.
As a further illustration, we have, for example, kids like Kane Gamble, who in 2015, at the age of only 15, accessed the accounts of then CIA Director John Brennan and FBI Deputy Director Mark Giuliano using social engineering. Another example is that of Park Jin Hyok, the alleged leader of the Lazarus group, who is also a millenial and is one of the most wanted people by the FBI. Many of the actions of this group helped Kim Jong-Un financed his nuclear arms race.
Third Dimension: The Pandemic
The COVID-19 pandemic, declared worldwide on 11 March 2020 due to its high levels of contagion and lethality, is a critical health situation without precedent in the 21st century. It has forced us to remain in quarantine or social isolation, which entails a series of psychological, sociological and occupational challenges, such as adapting to teleworking over an extended period of time.
Nowadays we are concerned about the number of deaths and people infected by the virus, the lack of a vaccine, etc. In addition, we are beginning to be distressed by the uncertainty of a return to “normality” and we are beginning to experience a global economic crisis. In short, the overall picture is not encouraging at all.
From a corporate point of view, today there are more remote workers and therefore fewer IT and security personnel ready to mitigate attacks and intrusions. This reason and all of the above make it a conducive environment to cyber criminals, who take advantage of these situations of concern, uncertainty and stress to activate their fraud and scam campaigns. The widespread deconcentration and global expansion of the pandemic makes the job of cybercriminals easier and increases the likelihood of success of their campaigns.
This is reflected in the unprecedented figures and statistics provided by different sources such as Google, which through its transparency report indicated that in January this year it registered 149,000 active phishing websites. In February, that number almost doubled to 293,000, and in March it reached 522,000, this is to say, a 350% increase since January. By May there were 1,915,000 sites.
Nowadays, deception, fraud and phishing by e-mail comes first. Also telephone scams, where they call victims introducing themselves as members of the staff of a clinic or hospital and claim that a relative of the victim has been infected with the virus in order to ask them to pay for the corresponding medical treatment, etc. We also find fake applications of infection maps or impersonating governments or hospitals. Furthermore,there is even the sale of fake vaccines. Nowadays, whoever is thinking of buying medical supplies online should think twice and check very carefully that the supplier is a legal and accredited company.
Considering all three dimensions, we can see that cybersecurity is more necessary today than ever before. We must invest in it and be concerned about the risks we are exposed to on the Internet. The picture has changed: it no longer matters whether the company is known or attractive to cybercriminals, no longer matters its size or the sector it belongs to. All companies must be aware of the potential risk involved in their daily basis at work, as they are dealing with personal data and sensitive information about employees and customers.
From the CyberThreats service of the Security Cyberoperation Center (SCC), we carried out a useful guide to risks and recommendations in cyber security for the COVID-19 that I highly recommend. For more information, follow us on social networks, visit our website and our blog.