It is both incredible and disturbing what we are capable of when the lives, health, or security of ourselves and loved ones are threatened. Fear is an incredibly powerful tool. It has been used as a weapon to manipulate and control for thousands of years, says Eleanor Barlow, content manager for SecurityHQ.
The biological reaction to fear is equally as useful to those implementing it. When we feel anxious, a chemical reaction takes place in our body. Our heartrate rises, our muscles tense, and our breathing quickens. Our actions, from this point, are instinctive. Fight or flight. We do not think, we react. Often, our natural response is to panic. Yet, in panicking, we do not reason. We do not evaluate the situation and can often make mistakes. Fear blurs our mental functions and confuses our physical reactions. It makes us stupid and blind to sensical action.
Henri Hypponen, a creative director, and keynote speaker on fear goes as far as to argue that fear not only makes us stupid, but that it collapses group intelligence, prohibits explorative behaviour, and shrinks our personal and professional lives. This is a very useful tool. And now, in a COVID-19 world, fear is not only prominent, but exploited by a very specific threat.
Cybercrime was escalating at a rapid pace, and on a monumental scale, well before the pandemic. In a report provided by the University of Maryland, a cyber attack occurs somewhere in the world ‘every 39 seconds.’ And, according to Cybercrime Magazine, the resulting damages are not only increasing, but will cost US$6 trillion (€5 trillion) annually across the globe by 2021.
This is not an unrealistic estimation, considering the statistics produced by the FBI IC2 2019 Internet Crime Report, in which 467,351 incidents led to a loss of more than ‘$3.5 Billion (€3 billion) in 2019’ in America alone.
In the United Kingdom, ‘The extent of cyber security threats has not diminished. Almost half of businesses (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (68%), large businesses (75%) and high-income charities (57%).’
It is also worth noting that a great majority of cyber attacks are not reported. On top of those that are discovered and concealed, many sit undetected by organisations who simply do not have the systems or technology in place to identify a breach in the first place. This means that the actual number of cyber-attacks is far greater than the statistics reported.
Which is why there is an element of fear for any business with an online presence. And, with ‘almost 4.57 billion people being active internet users as of April 2020, encompassing 59% of the global population’, the number of cyber attacks and data breaches is only anticipated to increase further and cause more fear in the process.
Changes in infrastructure
The issue now, however, is that working conditions surrounding COVID-19 have provided a multitude of additional opportunities to cyber criminals. As businesses work remotely or start to transition back to working environments, they are more vulnerable than ever. This is because the traditional infrastructure that organisations relied upon pre-COVID, has been taken away.
No longer can you just pop down to the IT department for a quick chat. And, even if you were in the same location, or managed to get someone on the phone, IT teams now have a backlog of issues to contend with due to the sudden influx of problems formed when remote working changed all the processes and protocols practically overnight. This delay in communication, lack in knowledge, and minimised resources, has given cyber criminals the opening they hunt for.
With the knowledge that you are sitting at home with vulnerable devices and networks, endpoints have become the principle target. Which is why we are seeing a spike in the amount of malware, DNS and VPN attacks.
Most organisations are aware, if not of their own vulnerabilities, then of the increased need for cyber security. A survey carried out by AT&T suggests that ‘73% of “leading” organisations view strong cybersecurity as a contributor to business success’.
As such, cyber security is in demand and on the rise. But with so much tech jargon, and without the expertise or guidance of what threat detection and managed security services to look for, businesses are placed in greater danger as they meander through the mass of options available online.
This provides the perfect opportunity for bad actors to mimic and disguise themselves as cyber security vendors. Malwarebytes, for instance, discovered a page online mimicking their legitimate homepage. With the same text, images and layout, the only visual difference was the contact number. Malwarebytes tracked this number, to discover that it led to a network of cyber criminals, including the cybercrime group known as Tech Kangaroos. According to Ben Rossi, ‘When unwitting customers called the number, they found themselves being charged hundreds, if not thousands of dollars for completely bogus software support.’
A spokesperson for Symantec/Norton argues further that ‘These types of scams are a significant problem, as the individuals behind them need little more than a website and phone number to pull them off, tricking consumers into giving away banking information, passwords, or even money’.
What to do now
First, do not panic. If you let fear rule your actions you are going to make a mistake. Understand that you are not alone. The majority of companies around the world are now asking the very same questions that you are.
To safeguard your company, people, processes and data, our experts are here to help you every step of the way. Managed security service provider (MSSP) SecurityHQ is a global managed security services provider that monitors networks 24/7, to ensure complete visibility and protection against your cyber threats. Threats can be both external and internal. Which means that the right combination of tools, skills, people, and processes are essential to manage, detect and defend your environment from all malicious activity.
The author is Eleanor Barlow, content manager for SecurityHQ.
Follow us and Comment on Twitter @TheEE_io