Weaknesses in cyber defences continue to be found at points of human involvement. A third of all data security incidents affecting our clients stemmed from phishing emails, with increasingly sophisticated scams that can appear genuine. People can serve as an effective last line of defence, but without effective training, staff will not know how to spot and stop a scam.
Often phishing emails or other intrusion methods are used only to allow the attacker to gain a foothold in the IT infrastructure. In recent intrusions against a number of our clients, a well-known attack group exfiltrated a significant amount of data whilst also encrypting systems and demanding a ransom, highlighting the risk of two-pronged attacks that seek to extort organisations.
The cybersecurity challenges arising out of the coronavirus pandemic are evolving quickly, but we have seen how criminals are seeking to capitalise on the crisis.
There has been an explosion in the number of Covid-19-related lures used by cyber criminals seeking to inject malware and gain access to infrastructure.
In the UAE, for example, we have seen scammers’ tactics include emails promising urgent coronavirus updates which attempt to con internet users into downloading malicious software. We have also seen fake appeals for donations to help those affected by the pandemic, and websites selling cures, vaccines or protective equipment that do not exist.
In Singapore, we have seen a rise in phishing exercises targeting both businesses and individuals for sensitive financial and personal data in the context of Covid-19. A large number of these attacks were premised on the recipient being awarded monies from a “Covid-19 fund”.
Many businesses have become more reliant upon potentially unsecured networks and personal devices, and some security controls, such as virtual private networks, multi-factor authentication, and endpoint security programmes, often had to be disabled if they interfered with ordinary business, became overloaded or failed to work as intended.
We have seen a number of data breaches stemming from human error, often due to resourcing issues arising from Covid-19. Examples include breaches caused by infiltration of employees’ VPNs whilst working from home, and breaches caused by skeleton mail-room staff being tasked with compiling and issuing correspondence that is normally managed by specialist administrative teams.
In the UK, some clients reported suspicions raised by the National Cyber Security Centre and the Information Commissioner’s Office that they may have been specifically targeted, potentially by nation state actors, because of their involvement in Covid-19 critical national infrastructure, such as healthcare, clinical research institutes and food distribution networks.
Difficulties with incident response
Covid-19 has also impacted upon the ability of our clients to respond to incidents when they do materialise.
IT teams have been overloaded by dealing with the changes to business operations, such that cyber incidents have had to compete for priority.