Last year presented several challenges that no IT teams were expecting, but the biggest by far was the onset of the global COVID-19 pandemic and the subsequent web of complications and cybercrime that it brought in its wake. The seismic shockwave that the pandemic sent through the business world may never be fully measured, but we do have some idea of the challenges that it created around cybersecurity for businesses. In the end, the cocktail of epically understaffed IT departments, maintenance failures contributing to unpreparedness, record-breaking cybercrime and employee stress taxed IT teams like never before. Of course, that meant that cybercriminals were kicking their dirty work into high gear to take advantage of this golden opportunity, and that was very bad news for businesses.
The onset of the pandemic led to lockdowns. Businesses that wanted to continue operating had to rapidly shift to remote operations, and that was especially difficult for companies that were still mired in old technology. Suddenly everyone became a remote worker, and that created enormous problems for IT teams who needed to suddenly become experts in remote workforce security. Companies that had never encouraged or enabled remote or hybrid working were forced to scramble to get all of their workers functioning remotely or face shutting down entirely as lockdowns kept everyone at home. Often, there was no plan in place to facilitate this sudden shift. Many employees lacked training in remote work, and many security teams had never handled remote security. A barrage of unintentional insider threats assaulted IT teams daily.
Why was the Great Work from Home such a boon to cybercrime? Because IT departments were unprepared and chronically understaffed. Only 39% of IT executives polled in a staffing survey felt that they have adequate IT expertise on staff to assist employees with remote work issues, and only 45% of organizations reported having enough budget available to address the needs of either their IT team or their remote workforce, especially with skyrocketing rates of both activity and risk.
At the same time, IT teams were trying to cope with the fact that many employees were dealing with unexpected stress at home, making them more likely to make cybersecurity mistakes. Over 50% of respondents admitted that they were more error-prone while stressed. More than 55% of workers in an employee error detection survey admitted that they were frequently off-balance when working from home, leading to security blunders – 40% said they made more mistakes when they were tired or distracted. Altogether 43% of the workers surveyed reported that they had made mistakes resulting in cybersecurity repercussions for themselves or their company while working remotely.
All of this chaos and confusion was a goldmine for cybercriminals, and they pulled out all the stops. Experts estimate that overall cybercrime was up by 80% in 2020. Much of that increase came from phishing attacks that ensnared remote workers, 75% of companies were hit by phishing in 2020. Cybercriminals took advantage of the fact that many remote workers were distracted or had limited IT support and the immense amount of email that remote workers were receiving every day to slip in a sea of phishing attacks. Those attacks were frequently disguised as legitimate messages from businesses, brands and organizations Phishing skyrocketed by more than 650%, accounting for almost 80% of 2020’s total cybercrime. About 60% of cybercrime gangs relied on phishing as their primary infection vector in 2020.
Ransomware didn’t stay home to stop the spread either – a shocking 51% of all businesses experienced a ransomware attack in 2020. Two in five SMBs were impacted by ransomware in 2020, an increase of more than $145%. – and 50% of those attacks used vicious double extortion ransomware. These attacks were especially damaging to industries that vital to the development and delivery of treatments and ultimately a vaccine for COVID-19. Hospitals, pharmaceutical companies, even cold storage transportation entities quickly found themselves under siege. In a successful attack, bad actors didn’t just snatch their victim’s data, they also shut down production lines and communications systems, hampering treatment, manufacturing and research efforts. Ransomware continues to top the list of cybercrime trends in 2021 and that is expected to continue.
Stopping ransomware and decreasing a company’s risk of a successful cyberattack against remote or hybrid workers starts with stopping phishing and its destructive effects.
Security Awareness Training is essential for your staff as they are your first line of defense. Using Multi-Factor Authentication can help your team avoid many risks. For more tips to protect your organization and staff, contact us at firstname.lastname@example.org or contact our offices here. We will be happy to answer any questions you may have.
— ID Agent