Cybersecurity and COVID-19: Responding to Increased Risks

Published: April 14, 2020 by Michael Bruemmer

The coronavirus crisis has changed the way companies of all sizes serve, protect, and connect with their consumers and employees. In addition to keeping people safe, the C-suite is managing two other top priorities:

  1. Safeguarding their organizations against new threats
  2. Maintaining business as usual during this unusual time.

Stretched Security Limits and Increased Exposure

With millions of employees and students logging on to work and learn, the digital doors to potential cyberattacks have swung wide open. With more people using company-issued devices, videoconferencing, and other collaboration tools, technology executives and IT departments have pivoted from their normal activities to set up and oversee remote workforces, virtually overnight.

Then there are the vulnerabilities of established cybersecurity challenges, such as employees opting not to use VPN software, downloading consumer-facing networks, and engaging in other behaviors to maximize their data and system experiences that could pose security risks.

Once people sign off from their work from home responsibilities, they are again turning to the internet to shop, socialize, and stream entertainment, presenting additional and increased security concerns, such as phishing and malware.

Systems Under Attack

In recent weeks, the videoconferencing platform, Zoom, experienced “Zoom Booming,” a new type of trolling that takes place when uninvited callers disrupt video meetings. The practice creates a space where bad actors enter public calls to collect information for intelligence gathering.

Also, just last month, General Electric filed a data breach notice in California after one of its partners, Canon Business Process Services, which handles human resources related documents, was compromised. The breach exposed marriage, death and divorce certificates, as well as beneficiary information and passports.

Healthcare and Health-Related Scams are Rising

In early March, reports revealed that elite hackers attempted to break into the World Health Organization, as attack attempts on the agency along with its partners, spiked amid its fight to get the virus under control. Hackers even activated a malicious site that mimicked the WHO’s internal email system in an attempt to steal the passwords of multiple agency staff members. On a similar front, the U.S. Department of Health and Human Services also found itself on the defense from an attack.

During these unprecedented and uncertain times, scammers are leveraging the COVID-19 pandemic to advance their schemes with everything from sending fake CDC emails and targeting vaccine facilities with ransomware to selling counterfeit treatments and equipment.

Perhaps the most startling statistic in this space so far: About 2,000 coronavirus-themed websites are popping up daily, and most are malicious, according to Alexander Urbelis, a cybersecurity expert and attorney with the Blackstone Law Group which tracks suspicious internet domain registration activity.

Sought after on the dark web, medical data and all of the PPI (personally identifiable information) it contains, such as Social Security numbers and financial data, is a hot commodity.

Servicing Users, Securing Systems and Savvy Hackers

In this evolving and challenging environment, the bandwidth of corporate IT departments and other entities alike is being tested and divided between handling increased activities such as managing critical security patches, policing the downloading of unauthorized apps onto company devices, and a host of other security requirements and concerns—potentially taking their attention away from monitoring malicious activity.

Preparation During the Pandemic

The increased COVID-19 IT security threat is real and will linger long after normal business operations resume.

To protect their networks, companies, and customers, cybersecurity teams should prepare and stand ready to respond in the event of a security breach. In these dynamic times, Experian’s Global Data Breach team remains fully operational and committed now more than ever, to protect our partners against cyberthreats and attacks.

To learn more about our Data Breach Resolution and Reserved Response products, contact your EPS sales representative today.