COVID-19 an ‘optimal psychological angle’ for cybercriminals

A remote workforce presents a mammoth cybsersecurity challenge, as hackers increasingly exploit public fears around the coronavirus.
23 March 2020

Cybercriminals are striking hard as businesses go remote. Source: Shutterstock

The mass migration of employees working from home has opened up new access points for hackers and bad actors to exploit.

While organizations across the world are accommodating the new norm in working, cybercriminals are strategizing to exploit a lucrative, and more vulnerable market, than ever. 

Cybersecurity teams are collectively pushed to face and respond to a unique set of challenges that are poised to bring great losses for companies in a time of economic uncertainty.

The security challenges are vast as it expands beyond an office environment and is exposed to the specific set up of each employees’ home. While employees are adjusting a new routine of teleworking, they are also introduced to new potential vulnerabilities. 

The rapid implementation of social distancing and work from home practices pushes employees to meld their personal desktops with company tools and systems at an unprecedented scale. This poses a unique challenge for cybersecurity teams as it becomes difficult to monitor malicious traffic due to the varying devices used. 

Cybersecurity risks are not limited to those working on their home devices, as company-produced laptops may be protected by internal safety measures but are equally exposed to external threats when removed from the parameters of a secured configuration and network. 

Under normal circumstances, the transition from office desktops to laptops on sofas is executed and facilitated over months.

However, with the ongoing pandemic, companies are prioritizing a seamless transition to ensure minimal disruption in the daily workforce. More often than not network security is left as an afterthought.

Even though a ‘downgrade’ from having an IT department on standby in the office to a home environment that may not have an overarching cybersecurity facility leads to heightened risks.

Scott Watnik, a cybersecurity attorney from Manhattan-based law firm Wilk Auslander, pressed that employee negligence is, without a doubt, the main cause of data breaches and working from home pose even greater risks.

However, making the situation more difficult to manage, hackers are even exploiting the anxiety around the crisis itself in their attacks. 

Speaking to TechHQ, Watnik said the modus operandi of hackers is now on leveraging public fear and anxiety to induce employees to open and engage phishing emails claiming to be from reputable health organizations or vital information on the pandemic. 

“The worldwide panic and fear about COVID-19 is an optimal psychological angle for cybercriminals to exploit. When people are constantly concerned or stressed about this health crisis, they are more prone to be lax with respect to cybersecurity,” said Watnik.

The home environment, where employees must deal with multiple distractions such as background noises, restless children, “increases the likelihood of someone clicking on a link in a phishing email, or providing their user name, password or other personal identifying information to cybercriminals operating malicious websites,” he added.  

At this point, work from home is becoming a necessary move for all companies, even for organizations that are not accustomed to this style of management. The banking and finance sector is one that is feeling the heat of the pandemic and added pressure to remain ‘business as usual’ while the financial ecosystem is volatile. 

An increasing number of banks are reported to be facing strains on technological resources. Citigroup, the third-largest American bank by assets, had to organize specific login times for its US-based and European-based workers to prevent overwhelming the system. 

Citigroup also joins JPMorgan and Morgan Stanley in relocating its traders to alternative work sites in New Jersey and Brooklyn in a bid to ensure the security of trading activities that require high regulation with robust internet connections and specialized work stations in offices, as reported in CNBC