The Main Effects Caused by the Pandemic on Information Security
With the coronavirus pandemic, companies had to adapt and reframe their businesses, which brought many benefits in terms of growth and digital presence. Home office and hybrid jobs are already a reality for most companies, especially technology ones; physical servers are being moved to cloud environments; and companies had to change the way they present themselves in the market and relate to clients, using large volumes of data combined with tools and Artificial Intelligence as the main resources to improve business strategies and increase sales.
These positive changes in the digital transformation, in turn, have created an almost complete reliance on technology, increasing companies’ exposure to vulnerabilities and cyberattacks such as cloud server hacks, leaks, and data hijacking. The current context forces organizations to go through this transformation process, without which it is impossible to evolve.
Therefore, all business leaders must be aware of the dangers they are exposing their business to and are prepared to protect themselves and deal with these risky situations as assertively as possible. From the users’ point of view, it is important to pay attention to the protection of their own data and put aside some habits of insecure behavior in the virtual environment.
Check out the main effects of the pandemic on Information Security, according to research released by IBM Security and Kaspersky data.
Increased Attacks in Cloud Environment
Due to the pandemic, many companies are moving to the cloud environment, which increases the flow of data and, consequently, the risk of threats and attacks. Work previously performed on a machine under the supervision of the company’s IT staff is now performed on a machine handed over to the user, with little or no control by the information security team.
The companies’ IT infrastructures are also freed up for remote access on the employees’ own machines. All these factors increase the chances of attacks.
Another concern, according to IBM, is the fact that Linux is the main responsible for workloads in the cloud (about 90%) and a good part of malware attacks are related to this operating system, which only tends to increase the attacks in cloud environments that use these virtual machines.
Cybercriminals Are Impersonating Famous Brands in Online Shopping
It is no surprise that the pandemic has generated an increase in online purchases. As a result, cyberattacks have also become more frequent, and the lack of information from many consumers on how to shop safely online is also a fertile ground for this.
According to an IBM report, cybercriminals are posing as consumer-trusted brands more often. Adidas was one of the brands that drew the most attention from the attacks, due to the high demand from consumers for coveted products.
The launch of a brand model in 2020 may have increased this wave of attacks. Users were directed to pages identical to the original ones and, when making payments, cyber criminals tried to steal financial information, passwords, personal information, and even break into the victim’s devices.
Ransomware Attacks Were the Biggest Since 2019
A ransomware attack takes place through malicious software that blocks access or encrypts the data on the system, network, or computer of companies and/or users. Generally, cyber criminals ask for millions of dollars, mainly from prominent companies and people, in exchange for returning these accesses.
Social distancing and the practice of home office during the pandemic have intensified ransomware attacks around the world. “People stayed at home and had time to explore vulnerabilities in systems and critical infrastructure,” explains Apostolos Malatras, leader of the knowledge and information team at ENISA (European Agency for Network and Information Security).
According to numerous recent research, this category of scam is becoming increasingly popular, particularly on corporate networks, as they can offer higher amounts in exchange for regaining access to data.
In Brazil alone, there was a 350% increase in this type of attack, just in the first quarter of 2020, according to data from Kaspersky. Also according to these data, the country leads the ranking of the largest number of companies attacked by this type of threat during the pandemic.
Ransom figures have increased a lot and created a very profitable business for criminals. According to Fabio Assolini, an expert at Kaspersky, in addition to a greater guarantee of profit from attacks on organizations, this increase was also due to the recent drop in the price of Bitcoin, the main digital currency used by hackers.
According to the expert, “Criminals know that companies and individuals are more vulnerable and accessing corporate networks from potentially unprotected devices. This increases the risk”.
Are you enjoying this post? Join our Newsletter!
The Convenience and Practicality of the Digital Medium Surpassed Security and Privacy
It is not new that society seeks agility and convenience in its daily activities. However, during the pandemic, this search has intensified. Everything has become more convenient and practical so that the fewer clicks to complete a task, the better and more satisfying it is for the user. In the research report released by IBM, about two-thirds of the population expect to spend less than 5 minutes setting up a new digital account.
This is a reflection of the digital convenience that has affected businesses and users around the world. Also according to this data, the rapid digital transformation of companies and the users’ lack of concern with the security of their data have facilitated the increase in data leaks, theft, and hijacking attacks.
In addition, the inclusion of more users in the digital context implies an increase in the number of online accounts, which, consequently, increases the number of insecure passwords and people more uninformed about the protection of their own data.
This digital dependency requires a close look at security risks. Nevertheless, companies are still looking to adjust the speed of posture to face the pandemic with the necessary security measures and embark on the digital journey, which has resulted in very high losses for the recovery from cyberattacks by some organizations.
What Are the Main Security Recommendations?
In the pandemic scenario, it has never been easier for cybercriminals to gain access to sensitive user and business data. Therefore, cybersecurity must be seen in the same way as infectious agents, such as viruses and bacteria in our body, as the consequences of a cyberattack, which today is already classified as the fifth-biggest risk in the world, can be catastrophic for the functioning of society in all verticals.
In the words of Harles Henderson, Global Management Partner and Head of IBM Security X-Force, “With passwords becoming less and less reliable, one way organizations can adapt, beyond multifactor authentication, is to opt for a ‘zero trust’ approach: apply artificial intelligence and advanced analytics throughout the process to detect potential threats, rather than assuming a user is trusted after authentication.”
In this type of approach, one must start from the idea that their network may already be compromised and carry out daily validations of the connection between users, data, and resources. Another recommendation from the expert is to invest in data protection and privacy policies, in addition to conducting ongoing security tests and reassessing the effectiveness of the incident response plan.
Did you like the content? We recommend the following reading: Zero Trust-based Security Approaches.