Cyber Attacks: The New Security Pandemic
Chaos is the Christmas for fraudsters. The post-pandemic digital wave has turned into a playground for cybercriminals. These online conmen have been camouflaging as bank staff, health workers, tax consultants and even as art bidders to mint fortunes from people, private enterprises and government bodies. The COVID crisis, unfortunately, didn’t give enough time for CIOs and IT security teams to stand ready and anticipate malicious cyber-attacks. There has been a rampant rise in breaches throughout the world. According to Arkose Labs, a cybersecurity company, nearly 445 million cyberattacks have been reported since the start of 2020.
Forms of Cyberattacks
Spam emails and phishing are the most common forms of cyberattacks, targeted mostly at individuals. Attackers employ this method to steal a small amount of money from a large group of individuals or to gain bank account access and credit card details. DDoS (Distributed denial of service) are attacks that are triggered to interrupt online services by deliberately crashing websites with multiple artificial requests. e-commerce business often faces this type of attack. Ransomware is another method with which attackers encrypts an organization’s files and demand ransom to restore the data access. Beazley, a specialist insurance firm, released a report saying that ransomware attacks were increased by 25% in Q1 of 2020, compared to Q4 of 2019.
Enterprise Security Struggles
CIOs and security teams are under tremendous pressure to mitigate the looming security risks. As most enterprises are now adapting the work-from-home model, employees’ access critical files, sensitive data and client servers from their home networks. Sadly, these networks are not as robust as enterprise networks to escape from malware. Also, the uncertainty in headcounts, due to downsizing, means security teams have to continually revisit processes on security compliance, identity management and access rights.
On the other hand, the downsizing has impacted the IT security teams as well. Exabeam’s, a SIEM company, recent report indicates that 4 in 10 organizations struggle with SOC (security operations centres) staff shortages. At the outset of this precarious situation, KPMG’s security advisory team has released a set of checklists and frameworks to guide CIOs and IT security organizations on post-COVID cybersecurity issues.
World’s reaction to Cyberattacks
Of all cyber shams, the one that caught the most attention was the online sale of India’s ‘Statue of Unity’ for USD 4 billion. The Indian police had registered a case against this unknown online fraudster who bid the 183m tall statue for sale. Currently, the Indian government is working with a few private online training institutes to increase awareness around cybersecurity issues.
Recently, the US government has launched a malware sharing portal, Cyber 9-Line, to share information around cyberthreats. The UK’s National Cyber Security Center also launched a reporting system called Suspicious Email Reporting Service to help public and private sectors avoid cyberattacks. On the first day of the service launch, nearly 5000 suspected emails and 80 malicious campaigns were taken down by the UK team. Similarly, the middle-eastern gateway Dubai has introduced the Industrial Control Systems (ICS) Security Standard to protect the digital data of various business operating within the city.
Amidst all the uncertainty, there is a silver lining: many cybersecurity companies have rolled out free software, essential tips, governance frameworks and other resources to combat this cybersecurity pandemic collectively. With measures from governments and the support from private enterprises, the likelihood of keeping the cyberattacks under control is very high. Down the line, in a few months from now, the SOCs will be in a better position to handle all types of cyberattacks.
Sources: securityboulevard.com, cisomag.org and a few other websites.
