The global pandemic situation has brought many changes at several levels. Just think of all the security measures put in place to meet the new standards of social distancing. For organizations, it has played more than one role, including a trigger for transformation. As a result, the sequence of events related to COVID-19 has resulted in a phase of adaptation and change. This situation, which we are still living, involves cyber risks that can be reduced considerably.

This is a topic that security company Mimecast addressed in its May 5th report, which examines the first 100 days of the COVID-19 crisis and the cyber-scams that followed. This analysis shows that between January and the end of March, spam and phishing increased by 26.3%, while impersonation increased by 30.3% (e.g., the fraudster borrows your identity to hijack the $2,000/month for Canada Emergency Response Benefit), malware detections increased by 35.16% and blocking of URL clicks by 55.8%. On average, this is a 33% increase in all cyber-fraud attempts actually detected!

At a time when the world was plunged into a period of unprecedented crisis, some malicious individuals and organizations were taking advantage of the delay to respond to it. Charities have been the most affected, followed by manufacturing and retail companies, and more recently companies working to find a vaccine. Criminals associate their scams with news and information circulating on social networks. For example, in the week of March 24th, when the UK and Australia closed their borders, a spoofed email from the World Health Organization invited potential victims to click on an infected link. In addition, the Emonet trojan continues to steal our banking data.

Although the crisis surprised us, many organizations don’t know how to reduce cyber risk or which best practices to implement in terms of cyber security. Since we are not in a normal context, it’s not the right time to think of a long-term strategy, we must act now.

So how do we adapt to the emergency situation, exploited by criminals who rely on the fact that employees are far from the core of the company? Here are some of our recommendations to avoid being among the victims of cyber-fraud:

1) Review cyber security practices and policies and quickly train staff to have good cyber habits

2) Increase vigilance on indirect means of communication with staff, via telephone or social networks.

3) Prepare for Emonet’s resurgence:

We must be aware that with the effects of the crisis on economic activity, many enterprises are likely going out of business in the coming months. Therefore, at the supplier level, customer or employee data shared with confidence may be compromised and out of your control. It will not be possible to audit a supplier that is no longer in business!

4) This is why we need to regain control of the information shared with external suppliers. Here are some practical tips on how to do this:

5) Vulnerabilities will need to be addressed by:

6) Protect the IT security team members working from home because:

In short, the above tips will help you reduce the risk to the organization, staff and users in the short term. There are several cyber security/cyber-resilience tools and methodologies available. Don’t hesitate to contact IT Chapter if you want more details!


Reference: https://www.mimecast.com/globalassets/cyber-resilience-content/100-days-of-coronavirus-threat-intelligence.pdf

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *