Statistics from the World Economic Forum indicates that cyber attacks are the third largest concern for organizations in the post-Covid world, after the global recession and the increase in business failures.
Cyber attacks are growing taking advantage of the explosion of Telework
Covid-19 has not only brought economic problems but a massive increase in cyber attacks. According to a survey conducted by PwC with CISOs/CIOs regarding the post-Covid cyber security environment, cyber attacks increased in March and April 2020, with peaks in intrusions expected over the next 6 months. By the end of February alone, phishing attacks had increased by more than 600%, and we have seen outbreaks of phishing as the coronavirus spread globally. Cybercriminals continue to deploy proven techniques and demonstrate their “entrepreneurial” spirit and resilience to deploy new social engineering campaigns to achieve their goals.
Most organizations have been forced to make a rapid shift to remote work, moving their people and computers beyond the security perimeter of the corporate network. New remote working configurations, urgently promoted to enable business continuity, have brought with them increased exposure to threats. Covid-19 has forced a radical transformation in the way we work, where projects that would have taken months in the past have been executed in a few weeks. Business continuity has imposed itself on certain risks assumed that would never have been accepted in other circumstances.
Nevertheless, remote work has come to stay and we will see in the coming months combinations of local services with remote work in most companies. This means that the tests, and security plans orchestrated previously to protect the perimeter of the companies have their risks. With the explosion of remote working, the barrier of what was previously considered reliable, on-network, and unreliable, or off-network, has been removed.
Data leaks usually come from within the organization
We have users accessing corporate data beyond the organization’s firewalls, and external collaborators who must also access corporate systems from different locations. Based on a survey conducted by Forrester (“Global Business Technographics Security Survey”) one of the main vectors of information leakage comes from inside the organization, and these include leaks in partners who collaborate with us with our data, our systems, but not necessarily within the traditional network security perimeter.
On the other hand, an attack directed at the company or a collaborating partner, makes the attacker behave like an “insider”, from within the network. One of the types of attacks that has increased the most in recent months is “ransomware”, where it is no longer enough to encrypt data: In December 2019 the hackers behind the ransomware attack Sodinokibi stole data from their victims before encrypting it and then posting it on the dark-web. With ransomware Maze they went further and published stolen data on public websites asking for a ransom so that they would not continue publishing.
The extent of the damage extends far beyond the cost of having to recover information from backups, business interruption due to loss of access to information, and other situations seen in previous ransomware attacks. In this case, the potential publication of internal or third party data of the attacked companies can plunge the companies into numerous lawsuits, litigation, non-compliance with regulations, and their derivatives: loss of trust, high financial penalties, resignations, etc.
In May, more than 150 organizations globally saw their sensitive data published and were extorted to prevent the publication of new data. Most of these attacks occurred after the declaration of the Covid-19 global pandemic.
How to face this new post-Covid normality?
A click on an email, a failure in an alert, an error in a security team, an oversight by a user or a partner… In this new context, and with cybercriminals improving and promoting new techniques of social engineering, it only takes one mistake for us to lose control over our data, over our sensitive information. We face irreparable failures if they get to the wrong people.
We invest in the network, equipment, but in the end the most valuable thing is our data. We are in a new era where “inside the network” is not synonymous with secure and “outside” is not synonymous with insecure: the boom in teleworking, collaboration with partners, and targeted attacks that act as interns in our networks, mean that the security perimeter must go beyond the borders of the organization. How can we minimize the risks regarding our data in this new context?
“Past July 9th, Luis Miguel Gil Perez, who was the president of Telefónica Spain between 2011 and 2018, and where he was also responsible for the mobile business of the telecom operator in Latin America, offerered, in an Online Event, together with Luis Angel del Valle, SealPath’s CEO, and Javier Modúbar, Ingecom’s CEO, his vision about the risks that organizations face regarding the loss of their most valuable information in the new post-Covid reality.“
We also showed how a “Zero-Trust” protection strategy, focused on data, can help organizations be safe from threats to their most sensitive data in this new context.