What Happened?
For many businesses keeping customer information safe is important. It helps their reputation to show they are reliable and wont compromise your data. It also prevents them from having to provide compensation to those that would be effected by their negligence. Some large companies may already have a very secure infrastructure, but the current pandemic has forced many businesses to convert to all or mostly online operations. This is a major problem because many of these business know nothing or very little about securing their networks, and the importance of keeping data secured. As a result there are many vulnerable networks and people out there now who will very easily be taken advantage of.
Cyber criminals are taking advantage of the chaos and uncertainty that has come with this pandemic and drastically increased their amount of attacks. According to a study by Iomart a cloud computing company the number of breaches in the first quarter of this year increased by 273% compared to the same time last year. With the sudden rush to at home work, even companies who have secure networks found themselves in trouble as they were not able to handle the massive increase of load they were putting their systems through that comes with remote working. This resulted in many just focusing on availability first and putting security on the sidelines. Some businesses are finally now going back and creating more robust remote systems, because they have realized the situation we are in likely isn’t going to be ending anytime soon.
Ransomware
The two most common attacks are ransomware and phishing schemes. With many healthcare facilities having most of their data stored digitally it is no wonder this is a favorite in terms of cyber crime. In a report by VMware ransomware attacks have recently increased by 90%. Hospitals’ data is important to saving lives and trying to stop the virus, and criminals know that they will be willing to pay for it back. If they were willing to pay for their data back before the pandemic, then think of how much they will be willing to pay for it now. Even just a few hours without it could mean the lives of many people lost, or the delay of important information getting to where it needs to go. It’s not just health related organizations either, governments at all levels are being targeted. The city of Florence, Alabama paid around $300,000 after their network was attacked. The attackers who disabled the city of Torrance, California’s email and financial system were demanding $700,000 to get it back.
Phishing Schemes
As previously stated many organizations not used to the digital infrastructure have suddenly been forced into it in order to even have a chance of surviving. As a result phishing attacks can be very successful, because employees are unaware of what is happening, or don’t realize the information they are receiving is fake. As of mid June the FBI said that their Internet Crime Complaint Center recorded 12,377 Covid-related scams. Criminals first started with email spam about Covid-19 statistics and information trying to get those unaware to click. Next it moved on to stimulus check information and fake updates from employers. Employees working from home on their unsecure home networks, and falling victim to phishing attacks has played a large roll in the increased amount of breaches over the course of the pandemic.
What Should be Done?
It is understood that the Covid crisis has brought on many challenges and hurdles for people, companies, and governments alike. However that is no excuse to have totally insecure networks with private information being stored on them. Organizations should seek out security information from experts and invest in tougher networks in order to keep information safe and prevent harm. Privacy and protection of data laws are mostly up to each individual state. This means that there is no minimum standard for security. From the massive increase in attacks due to the pandemic the federal government should realize its time to take action. Implementing laws that would require a minimum level of security for organizations that store private data, and enforcing consequences for those who do nothing in response to a breach in their system would help to decrease the amount of breaches happening, and make us more secure as a country.
Joshua Powalowski
Sources
“INTERPOL Report Shows Alarming Rate of Cyberattacks during COVID-19.” INTERPOL, 4 Aug. 2020, http://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID-19.
Sheng, Ellen. “Cybercrime Ramps up amid Coronavirus Chaos, Costing Companies Billions.” CNBC, CNBC, 29 July 2020, http://www.cnbc.com/2020/07/29/cybercrime-ramps-up-amid-coronavirus-chaos-costing-companies-billions.html.
RIT Cyber Security Policy and Law Class Blog 