This is a guest blog post by Andrius Ribinskas, Information Security Expert at Tesonet.
Coronavirus caught us by surprise. Some countries were more successful in fighting the pandemic and some were not. While social distancing is a great way to stop it from spreading, it’s based on, well, you guessed it – distance. And in today’s world, communication is the key to staying operational in an environment where coworkers don’t interact directly. Lots of companies had to adapt quickly, but something that is done fast does not always tick all the critical checkmarks.
The threat in times of crisis
One of the biggest checkmarks that lots of companies missed is cybersecurity. The incidents range from random kids crashing Zoom meetings or prank videos streamed at online classes to millions of dollars lost to crypto viruses attacking hospitals and other public care facilities. A real black hat hacker has no remorse. They don’t care if a cyber-attack prevents someone from getting medical attention in time.
The medical industry is on fire now, with data streaming at rates never seen before. Doctors, logistics staff, scientists, and lots of other people must be on the same page all the time to control the situation, and the hackers know that. People from all around the world are joining online meetings, sharing their work, and making major decisions over the internet from the comfort of their homes, so malicious actors keep trying to exploit this somewhat new style of work.
Online meetings – public for everyone?
The pandemic wasn’t bad for business for everyone. For example, Zoom Video Communications saw its stock price double in the last few months. Zoom is a great platform for remote coworkers to meet and collaborate, so naturally, its popularity skyrocketed. However, the increased attention was not good from all perspectives. At the very beginning of the mass confinement, it was plagued with hecklers crashing unprotected meetings. While “Zoombombing” might not sound that harmful, there was a huge potential for information leaks because of unauthorized people joining private conversations.
Although Zoom’s security team took adequate action to raise awareness of the problems, this highlights a much bigger problem: a lack of basic security awareness among the people using it. Basically, this means that most of the invaded conference rooms were not protected by a password. One might say that Zoom was flawed by design because passwords were not enforced by default, but it’s not fair to put the blame on the platform for something as trivial as a simple password.
Social engineering – hacking humans
Another troubling issue that bloomed during this pandemic is social engineering attacks. Social engineering is something that could be described as “hacking of the human mind”. It’s a set of techniques (e.g. phishing, baiting, pretexting) used to gain trust, extort information, or use someone to get access to personal or professional data. While most of these attacks are easily detected, more advanced hackers sculpt their attacks to be extremely convincing.
During the pandemic, attackers started impersonating medical professionals, government representatives, or charity-seeking agents urging people to donate and help fight the virus. Although accurate statistics are hard to calculate, most companies started noticing a substantial increase in these attacks.
How bad is it?
Overall, it’s not terrible. Basic information security awareness is slowly carving its way into every company’s onboarding checkmarks. More and more employers are interested in information hygiene. Just as we should be aware of risks to our health these days, the same goes for security. Changing your password once every few months is like applying disinfectant to your hands. Making your password complex and harder to guess is like washing them for at least 20 seconds.