The COVID-19 induced shift to remote working has provided a golden opportunity for cyber criminals to target one of businesses’ biggest cyber vulnerabilities – the workforce. Since the UK lockdown began in March, the proportion of attacks targeting home workers has increased from 12% of malicious email traffic to more than 60% six weeks later. Businesses no longer have the luxury of traditional defensive and office-based security models, and with such a drastic transformation in how workers operate remotely, the cyber risks have increased significantly. In order to manage this risk, it is imperative to first understand it.
Fertile soil for growing a new scam
Since the onset of COVID-19, hackers have been working to use the situation to their benefit. In the same way that the offline world has seen telephone scams from people selling anything from fake virus tests, through to impersonating police officers and threatening fines for not following social distancing measures, the online world has been just as creative. Advanced Persistent Threat (APT) groups and other cyber criminals have continuously targeted individuals, businesses and charities alike with COVID-19 related scams and phishing emails.
Typical examples include phishing emails tailored around news announcements from governmental or health organizations, such as those impersonating the World Health Organization, which attempt to lure users to a malicious website and have them provide confidential details. The UK’s National Cyber Security Centre recently warned of email-distributed malware which purports to be from Dr Tedros Adhanom Ghebreyesus, Director General of the World Health Organization (WHO) but is, in reality, the Agent Tesla keylogger malware.
The test and trace regime in place in many countries is also likely to see a wave of phishing attempts, with hackers disguising their emails under the banner of the government’s push to contact all those who have been in contact with someone infected with coronavirus. It’s not just emails that are vulnerable either: criminals are also targeting voice calls (vishing) and SMS (smishing) to get hold of an individual’s credentials or other sensitive information.
Criminals are also leveraging social media and public information to make their attack techniques as realistic as possible. Specifically, they can utilise the public information shared by companies about their remote working response to the pandemic and use this as ammunition in attempting to attack the workforce.
Held to ransom
If a remote worker falls victim to a phishing email and clicks on a link, the consequences for the business can be significant, with malware – and in some cases a form of ransomware – downloaded into an organization’s IT systems and possibly causing major IT downtime, business disruption, and loss of data or critical information. Ransomware cost businesses globally over GB£5 billion in ransom demands alone in 2019, and COVID-19 is likely to inflate that figure further in 2020. And it’s easy to see how such an attack can unfold in the fictionalized scenario below…
New tech: new problems
No business wants to fall victim to an attack like the one described above, but the problem for many organizations is that once COVID-19 hit, they were simply unprepared to move to a majority remote workforce operating model in such a short space of time. Many companies that had invested appropriately in securing their existing technologies turned, out of necessity, to new services that could be vulnerable to hackers. This trend has been picked up by the NCSC, who mention the use of online communications platforms where, “malicious cyber actors are hijacking online meetings that are not secured with passwords or that use unpatched software.” Of course, it’s important to balance cyber risk with keeping operations running – and employees in work – however appropriate safeguarding and due diligence for any major business tool is still required to protect the company.
Even where businesses are investing in a robust programme of cyber security and associated technologies, it is only ever as good as the people using the system. Research shows that two thirds of remote workers in the UK lack the basic cyber security training needed to spot a cyberattack, meaning they are more likely to fall victim to one, particularly when they’re not working from their usual office environment.
Undertake a CyQu assessment
Despite the increased threats posed by the significant uptake of remote working, there are a number of steps that businesses can take to help minimize the risk. Understanding where the weaknesses are is the right place to start. Aon’s Cyber Quotient Evaluation (CyQu) is an online self-assessment which can provide insight into an organization’s cyber maturity and the reported areas identified as posing the greatest risk.
To help organizations deal with the remote working threat, a ninth security domain specifically focused on this area has been added to CyQu, in addition to other critical cyber security domains such as network security, data security, and business resilience. By undertaking the online self-assessment, businesses are provided with a report identifying key findings and prioritized quick wins to help improve security maturity, as well as a benchmark against industry peers to help an organization understand how it compares with others.
Changing threats demand a changing approach to security
The cyber security threats continue to change as businesses adopt new ways of working and new technology. Whilst the pandemic may have accelerated the pace of change for digital transformation initiatives and remote working enablement, businesses should ensure they review the relative cyber risk to their operations and understand that systems which may have been secure before may now be vulnerable due to the change in operations.
Assessing where those risks are will help businesses prepare for and mitigate these emerging threats. Through understanding their cyber risk, organizations can work to prevent it and put in place additional protection, such as cyber insurance, to help minimize the operational and financial consequences of an attack; this is critical at a time when a data breach or ransomware incident could significantly detract from an organization’s ability to come through the pandemic intact.
Find out more about how Aon’s Cyber Quotient Evaluation (CyQu) online assessment tool can help your organization counter the additional threat from remote working.
This material has been prepared for informational purposes only and should not be relied on for any other purpose. You should consult with your own legal and information security advisors or IT Department before implementing any recommendation or guidance provided herein.