How To Avoid Cybersecurity Challenges Brought On By the Pandemic

A high-profile entertainment law firm was hit in May by a ransomware attack, with the hackers demanding $42 million under a threat to expose documents on the firm's clients, which include AC/DC, Lady Gaga and Robert De Niro. Law firm client data, particularly personal and financial information about celebrities, has a very high value to hackers.

As the current pandemic has forced much of the world into virtual workforce mode, cybercriminals have seized on the uncertainty of the current times to launch new and creative offensives. Fears surrounding COVID-19 are high, conspiracy theories are running rampant, and cyberattackers are counting on stress and distraction to decrease our vigilance against intrusions.

Unfortunately, their strategy is working. More people than ever are being duped, and organizations are left more vulnerable to attacks as threats to data privacy and security noticeably continue to increase. The uptick in attacks has been compounded by the fact that some organizations deployed remote work solutions as a short-term fix, with ad hoc and untested methods for protecting data, leaving remote employees less secure against threats.

Here are some of the emerging challenges in the cybersecurity landscape and tips on how to avoid them.

IoT Attacks

Internet-connected devices are ubiquitous these days. Each of these devices, from video doorbells to virtual assistants, from smart cameras to multifunction printers and scanners, offers hackers an access point for infiltrating your network from afar. Consumer products are vulnerable as well. Home security products provider Ring was hit by a class-action lawsuit in the U.S. for reports of multiple hacking incidents on its security cameras.

Hackers recently took over a smart home in Milwaukee by compromising the connected devices. The attackers played disturbing music from the video system at high volume while talking to the residents via a camera in the kitchen and also changed the room temperature to 90 degrees Fahrenheit by exploiting the thermostat.

When adding a new smart device to your network, research the product's security and always change the default password. Cybercriminals have used the most unexpected objects to perpetrate their attacks, causing manufacturers to strengthen security features.

Smishing

As communications increasingly move away from traditional email systems and into new apps and tools, attempts to infiltrate those communications are evolving accordingly. Just like phishing schemes target emails, smishing attacks target text-based communications in other platforms such as WhatsApp, Slack, LinkedIn or Signal.

With the increase in remote work and use of virtual meeting platforms, "Zoom-bombing" has also become a thing. Bad actors get access to a Zoom meeting, posting pornographic, racist or other inappropriate content for everyone on the call to see.

Historically, these platforms were used more often for personal communications than for business, meaning vigilance about security might not have been as high. Now, though, when everyone is working from home and incorporating all available tools into the new virtual workplace, all communications methods need to meet the same rigid security standards that you apply to more traditional technologies.

Synthetic Identities

Identity theft is nothing new, but today's cybercriminals are employing more sophisticated identity fraud schemes that combine real and fabricated credentials to create highly realistic illusions of actual people. With personally identifiable information and subject data rights playing such a major role in current privacy regulations, realistic identity impersonation presents a significant risk.

Identity fraud hackers also employ social engineering tactics, collecting personal data on an individual from social media and convincing unwitting businesses to provide personal information on a target.

Organizations that collect and store things like consumer data or health data can be particularly vulnerable to these attacks. As attackers continue to advance their identity fraud methods, businesses need to redouble their focus on data protection and make sure they're enforcing the most stringent identity verification procedures possible.

5G Threats

The shift to 5G technology has spurred significant debate in the past year, including among technology experts, who warn that 5G will create additional cybersecurity risks for businesses and governments. In a 2019 study by Information Risk Management, 83% of cybersecurity and risk management decision-makers thought that 5G would create new cybersecurity challenges, particularly a greater risk of attacks on IoT networks. With 5G's increased bandwidth (Internet speed), more data will be collected, sent and received on mobile devices.

Because 5G technologies reportedly create a wider attack surface and lack security by design, organizations switching to 5G might need to increase their security efforts. Particularly at a time when attacks are on the rise, any security shortcomings in new technologies will need to be accounted for through increased vigilance and greater investment in security on the organization's end.

CCPA Enforcement Increases the Pressure

A cyberattack can result in financial penalties, costly litigation and loss of reputation. Moreover, a breach involving the personal data of California consumers brings with it the risk of litigation under the California Consumer Privacy Act (CCPA).

Despite the upheaval caused by the COVID-19 pandemic, the state of California has not relented on its timeline for enforcing the CCPA, so organizations should expect the July 1, 2020, start date to stand. A few class-action lawsuits have already been filed under the regulation, and the outcomes of those cases will help paint a picture of the enforcement landscape going forward.

Many organizations have put significant effort into preparing for CCPA compliance, but those efforts should be reviewed and strengthened now that enforcement is imminent. Particularly in light of the new wave of cybersecurity threats that have emerged during COVID-19, organizations need to revisit their data security requirements and address holes in their processes, data storage methods and security measures.

Cybercriminals aren't backing down because of COVID-19, so neither can you. It's crucial to not let the new wave of threats to data privacy and security that have emerged during the pandemic undo the compliance work you've already done and open your organization to disruptive litigation and expensive compliance penalties.

*****

Tomas Suros is a technology advocate working at the intersection of IT and client consulting. With AbacusNext since 2004, he currently serves as global director of product marketing, guiding firms through the process of identifying forward-facing technology options and ensuring the successful implementation of a tailored solution. He can be reached at [email protected].