Coronavirus: Why Cybercrime Loves a Global Crisis

There’s no mistaking the biggest story of recent months: Coronavirus.

Officially known as COVID-19, what started as a local health issue in Wuhan, China, could soon become a worldwide pandemic. The World Health Organisation (WHO) has officially declared a global health emergency with cases reported in every continent barring Antarctica.

Global incidents such as these cause significant disruption far outside those directly affected by the virus. In the age of hyper-connectivity, a health issue on one side of the world quickly spreads, impacting people, organisations and economies on the other. So far, we have seen major events and conferences cancelled, borders closed, supply chains shut down, markets falter, and travel limited to all but the essential. Oxford Economics estimates that the total cost to the global economy could reach $1.1tr.

On the advice of the medical community, the business world turns to digital strategies to limit the spread of the virus while maintaining continuity of service. Apple, Amazon, Facebook and Twitter are just some of the organisations that have restricted travel or enforced remote working as a precautionary measure. In London, oil giant Chevron was the first company to send its 300 staff home, with many more expected to follow suit. Several high-profile events have also been postponed or cancelled, including Facebook 8 in San Francisco, Singapore’s EmTech Asia and The Mobile World Congress in Barcelona.

A global phenomenon that generates real-world fear, panic and paranoia, coupled with an increased reliance on digital communication is a dream come true for the opportunist cybercriminal. And it’s an opportunity many are keen to seize.

A global epidemic, a morbid opportunity

Cybercriminals thrive on disruption and uncertainty and are wasting no time in maximising this opportunity. Coronavirus-related phishing attacks are rife, from those offering a cure to others collecting information needed to populate “government databases”. One even purports to be from WHO, encouraging recipients to log in to its website. All invite victims to click malicious links and hand over credentials or other personal information.

Cybercriminals are all too aware that businesses are now relying on online collaboration tools more than ever – considerably increasing the size of their target. While digital connectivity offers a lifeline to organisations in times like these, it also brings issues of its own.

If your organisation now relies on email as its number one tool for communication and decision making, your attack surface just expanded. Add to this the distraction of business interruption, along with the inevitable hysteria around a global health event, and the risk of falling foul of a phishing scam or similar has rarely been higher.

For the businesses on the receiving end, the consequences can be enormous.

Counting the cost of cyberattacks

Cyberattacks do not have to piggyback on a global crisis to cause significant damage. Common threats – phishing, malware, Business Email Compromise (BEC) and more – devastate organisations all year round. An estimated 55% of businesses experienced a successful phishing attack last year. The attempt rate is much higher – 88% saw spear-phishing attempts along with 86% that reported BEC attacks.

Whatever the method of attack, the consequences can be devastating. PwC’s Global State of Information Security Survey puts the average cost of a cyberattack at £857,000 (approx. $1.1m). The FBI, meanwhile, picks out BEC for special attention – estimating global losses of $26bn between 2016 and 2019.

Despite remaining the number one threat vector – involved in 94% of data breaches – just 10% of IT security spending is focused on email[1].  Cybercriminals know this and are more than willing to exploit it, particularly during a period of global business disruption when mistakes are most likely to be made.

This is a chink in our armour that we must repair – fast. The longer it remains, the more frequent and sophisticated the attacks we are going to see against it, in times of crisis and beyond.

Prevention always preferable to cure

Cybersecurity may not seem like a priority where matters of global health are concerned. On the contrary, it’s more important than ever.

Global emergencies trigger panic, paranoia, confusion and disinformation. An environment in which cybercriminals thrive. When businesses operate outside of the norm, relying ever more on digital tools, employees are sitting targets, waiting to be tricked into clicking on a link, downloading a piece of malware or simply inadvertently sending money or sensitive information to cybercriminals. Against this climate, hope is not a strategy. Now is the time to invest in a strong multi-layered cyber defence strategy that spans technology, process and people.

Start by putting tools in place to filter and block threats before they reach your users. This must go way beyond the humble spam filter, protecting against malware, phishing, malicious links, BEC, credential or account compromise and more.

Even the best tools are unlikely to stop 100% of attempts, however. That’s why it’s imperative that your last line of defence – your people – are vigilant and well-informed. Your users must know how to spot common threats, how to defend against them and how their behaviour can be the difference between an attempt and a successful attack. Training must be comprehensive and ongoing, increasing during times of elevated risk.

Just as we all have a part to play in stopping the spread of a virus, so too does everyone in your organisation have a role in keeping it safe. Proactivity is key. Ensure everyone understands the risks they face and takes all necessary precautions. Prevention is always preferable to cure, especially if you consider the financial risk associated with today’s dynamic cyber threat landscape.

 

[1] Gartner Information Security, Worldwide 2017-2023, 2Q 2019 update (2019 forecast)

Subscribe to the Proofpoint Blog