Photo by Big Dozy via Unsplash
It's been weeks since state governments issued the safer at home orders. The days seem long, and other days it can be easy to forget what day of the week it is. Our routines have shifted for those who are working from home. I have not been in the office for over a month in half due to the COVID-19 pandemic. Not only does that change the way we work, but how businesses now use computers and other technologies.
Since we have a different form of communication without having the opportunity for face-to-face contact, our systems are now at risk. We can relay quick information through a skype message or an email. However, in-depth data that addresses security measures for networks tells a different tale. This data is where cyber-attackers feel that they can pry on those that are unprepared for this transition. These attacks are evolving, and we will need to continue to stay vigilant. We are living in a world that for most people, working remotely is mandatory.
The global pandemic has changed the way we work from the office to working remotely. However, the question is, how prepared are businesses to make a shift in having their employees working remotely? It may not affect operations too much, but it will slightly affect our communication. The more significant issue is the cybersecurity and the networks for people making this shift. Forbes article, “What’s Changed (And What Hasn’t) For Cybersecurity in The Wake Of This Pandemic," looked at variations of how companies are looking for alternative ways of "the new normal for cybersecurity – not a temporary normal."
Enterprises still have limited means to detect these data breaches, but these attacks are still likely the same. Phishing, spoofing, direct access attack, malware, and others are left up to the employee to make the appropriate decision to report it to their IT cybersecurity team. These days, however, it isn't always easy to point out these attacks initially. These attacks are crafty in such a way that an email you received can appear to come from a co-worker in a different department; that is if your company is large enough. Even for small businesses, these attacks could look like an invoice came from one of your vendors or customers.
According to the Verizon Data Breach Investigation Report 2019, 94% of malware is delivered via email, with 45% of them coming from an office document attachment. It is as simple as clicking download to open that document to infecting your computer. The worst case is that it spreads throughout your company's shared network for others to receive. More than likely, this will end up locking up the entire network system and holding the company for ransom, which can be problematic.
Norton, a cybersecurity company, looked at the top 10 countries affected by targeted attacks between 2015 and 2017.
The United States is found to be the prime target for cyberattacks. The cost of these cyberattacks only continues to rise. At the same time, we cannot be too surprised by this due to our large technological advancement over the past decade, and we do not seem to be slowing down any time soon. Now, we are in a pandemic that focuses more on remote work and the increasing threat of cyberattacks.
Companies that rely on confidentially and security may practice with their employees how to spot phishing emails or malware with corporate email training. A test to see who is paying attention and who needs more training. Ongoing training for cybersecurity that some companies would like to call it. However, it is a necessity for companies such as financial institutions, insurance, government, or any other businesses that are related to privacy for customers.
So, I know you must be wondering, what is the cost for data breaches? A study for IBM has a tell stats from Ponemon Institute's 2018 Cost of a Data Breach 2018, which estimates that the "Cost of the average data breach to a U.S. company [is] $7.91 million." Let's compare that to the worldwide average of $3.86 million. That is an estimation of a $4 million-dollar difference, which points out how often the U.S. is the main target for these types of attacks. With so much money leaving out of the cyber door, there is a wonder how long it takes an average company to identify the data breach. On average, it takes 196 days to identify a data breach based on the Ponemon Institute's 2018. Thus, before anyone realizes money is being siphoned from the account, almost half of a fiscal year is over.
We cannot blame large operations from not realizing money getting drained since transactions are happening quite frequently. Cybersecurity continues to advance and become keen on protecting companies from any type of attack. But cybercriminals are also getting better at being undetected around these surveillances. Think of companies as a large city with a wall around it with many gates to keep out any foreigners that intend to harm everything inside these walls. The city is well protected from any big threats that are visible from a mile away, but there are many entrances for someone to sneak themselves in. At that point, it is all about minimizing the damages by detecting the breach as quickly as possible.
A smaller business, however, would notice an unusual transaction quicker since fewer transactions occur in their company's bank account. Furthermore, an owner who is in a startup business will keep a close eye out on every transaction. Even with computer technology, it would take far less time for them to identify a data breach within their systems.
Email is not the only way for a data breach. These data breaches could occur from your mobile device. The same report found that third-party app stores hosted 99 percent of mobile malware. A third-party app is a software made by someone other than the manufacturer of the mobile operating system. Many developers create apps, but not all of them are featured on Google's or Apple's operating system.
The government is taking action for these attacks as they foresee more attacks happening in the future among the pandemic. Sen. Angus King (I-Maine) testified that "cyber threats were only 'magnified' by COVID-19, as attempted hacks on healthcare and research groups involved in fighting the virus have spiked" as reported by The Hill. These attacks will not be slowing down anytime soon.
How we choose to ride out and avoid these attacks is different for every business. Such threats varied for every industry, and every attack has a different goal since not every attack is about money. These attacks are after information such as social security, date of births, addresses, and other personal information to commit other crimes, such as fraud.