The first half of 2020 has come and gone. I’m certain that no one who made any predictions regarding cybersecurity trends would have guessed correctly that a new virus would send the world into a whirlwind, closing entire countries, stopping all air travel, and forcing the largest companies to send all their employees to work from home.
Given this predicament, it would be challenging to try and predict how the second half of the year will unfold. Still, we’ve learned so much in the last six months, let’s see if we can’t come up with some credible estimations. Let’s start with the users (or victims). Covid-19 sent millions of people home: some permanently (having been laid off) and some to continue working out of office. This overnight transformation seems to be quasi-permanent; some of the worlds’ largest companies (Twitter, Facebook, Shopify, Zillow) have already declared this would be a viable work option for any employee who would prefer it.
Even in more traditional markets, change is happening. One of Japan’s largest employees, Fujitsu Ltd. will cut its office space by 50% over the next three years, encouraging 80,000 office workers to primarily work from home. Mere 35% Gulf-based businesses will work from home according to a survey conducted by GulfTalent. With millions of people working from home, there is an enormous attack surface ripe for the taking by malicious actors. It is no trivial task to provide the same levels of security for all these employees, operating outside the (relatively) safe perimeter of their offices and local intranet.
Furthermore, with time and with numerous IT “temptations” (like letting your kids use your work laptop for browsing) employees’ awareness levels can be eroded, leading to an increase in their vulnerability to cybercrime. Cybercrime attacks have boomed during the Covid-19 pandemic. A study by the Dubai Future Foundation found a 600 percent increase in phishing emails across the world, with healthcare facilities and at high risk.
Traffic to hacking-related sites and searches for hacking-related information and tutorials have skyrocketed during the months of March-May, indicating many “n00bs” (newbie hackers) are looking into studying a new profession. Many cybercriminal activities of the past months were related to the virus; the Telco Security Alliance reported a 2000% increase in COVID-19 Cyber threats in March alone.
While overall numbers of cybercriminal activity are on the rise, specific segments are doing better than others. For instance, the demand for stolen credit cards has dropped in the pandemic, while “old-school” scams (advertising of fake or inappropriate drugs and medical equipment, dubious investment opportunities, and more) are on the rise. As for the corporate world, cybercriminals seem to have become more brazen, employing much more aggressive techniques and showing a desire for quick monetization over long term profit.
Global and regional authorities are aware of this situation and are working to mitigate these threats, starting with increased cooperation between nations like the World Economic Forum’s Partnership Against Cybercrime. This initiative launched in April 2020 with the mission to explore ways to amplify public-private collaboration and fight global cybercrime.
The US data residency hosting platform, InCountry, selected a tech ecosystem powered by Mubadala shows that investing in data protective infrastructure is a priority for the UAE government and Abu Dhabi’s Hub71. The organization which currently operates in more than 80 countries – including Egypt and Saudi Arabia stores and protects data in its country of origin or citizenship which can avoid a nation’s data sitting in external jurisdictions.
While not directly endangering corporates and individuals, these activities can be directed against individuals or organizations perceived to oppose the principles of the hacker collective.
The past 6 months have been truly unique. While it is too soon to estimate the long-lasting effect of Covid-19 on our way of living, this period has likely caused the biggest change to the work landscape since the invention of the modern office, and as such, has greatly increased organizations and individuals’ vulnerability to nefarious cyber activities.
It’s not all bad news, though; law enforcement agencies are waking up to the scale of the problem and increasing cooperation, and organizations need to understand that the situation is not outside of their control. Manage your risk, deploy a capable behavioral AI solution that prevents, detects, and undoes the damage from known and unknown threats, and force cybercriminals to look elsewhere for the easy pickings.