As pandemic responsiveness gave way to chaotic situations, fraudsters continue to look for opportunities to scam their way toward a payday with a handful of cybersecurity threats particularly concerning to businesses.Cyber-attackers constantly monitor organizations searching for vulnerabilities. The threats to business included distributed denial-of-service attack, phishing, malware, employee malfeasance, ransomware and vendor/supply chain gaps.
Because COVID-19 responsiveness magnifies protection flaws, experts urged business executives to remind employees — often considered a security program’s weakest link — to summon their security training and recognize how attackers use any adversity, such as a pandemic, as breeding ground for chaos.
Recent incidents highlight the threats:
• IBM X-Force observed from March 11 through mid-April, a more than 6,000% increase in COVID-19-related spam, with lures such as phishing emails impersonating the Small Business Administration, the World Health Organization and U.S. banking institutions.
• The SBA reported a potential data breach on its website on March 25 of almost 8,000 business owners applying for disaster loans, inadvertently disclosing personally identifiable information such as names, Social Security numbers, physical and email addresses, birth dates, citizen status and insurance information.
• In April, the Federal Reserve Bank of New York warned the public of potential scams relating to the coronavirus and a 50% increase in phishing scams.
A recent Microsoft survey of nearly 800 business leaders worldwide revealed providing secure remote access to resources, apps, and data as the No. 1 challenge for security and IT crews, who must also constantly balance reaching business goals and looking out for new threats and scams. The report maintained, “For many businesses, the limits of the trust model they had been using, which leaned heavily on company-managed devices, physical access to buildings, and limited remote access to select line-of-business apps, got exposed early on in the pandemic.”
Even before the pandemic, businesses were under attack from hackers and spammers.
According to insurance carrier Hiscox, security incidents cost businesses of all sizes $200,000 on average; and an Accenture report revealed 43% of cyberattacks targeted small businesses with only 14% prepared to defend themselves.
To effectively respond to security dangers, especially those during the pandemic, businesses should seek a more proactive cybersecurity methodology containing early breach or threat detection, training staff, patching punctually, encrypting and restricting sensitive data, and using strong authentication.
A managed service provider can help set up a security blanket around any organization using firewalls, prevention systems, perimeter protection devices and unified threat management containers.
ThreatAdvice Virtual CISO, NXTsoft’s flagship software solution, provides oversight into all cybersecurity needs, warning organizations and advising what appropriate action to take. In addition, the ThreatAdvice EventTracker, provides a 24/7 SOC team of cybersecurity engineers to assist with threat remediation, remote and on-site. The ThreatAdvice SOC analyzes quarantined security alerts and ensures comprehensive protection. ThreatAdvice Endpoint Protection can roll back files to previous safe versions. ThreatAdvice Educate complements the education piece to ensure compliance and oversight. It can also provide a Virtual Information Security Officer that helps identify informational asset risks, controls in place and the efficacy of those controls, and where to focus a cybersecurity program to best improve defenses.