With the rise of COVID-19 and organizations forced to transition to teleworking, cybercriminals have found a new breeding ground to carry out their modus operandi. These scammers take advantage of businesses’ computer security weaknesses and the fear of the virus among employees to deploy phishing campaigns and ransom attacks that extract sensitive information and confidential data from their targets. Now more than ever, it is essential for organizations that operate remotely to protect themselves against this growing scourge, which claims thousands of victims and results in significant direct and indirect losses.
The Current State of Cybersecurity
A 2019 CIRA Cybersecurity report highlights the current situation of Canadian organizations in terms of information security and cybersecurity.
- 71% of organizations experienced a cyberattack in 2019 in the form of security breaches of varying degrees. CIRA Cybersecurity predicts an increasing number of cyberattacks in 2020 resulting from the outbreak of coronavirus.
- Malicious actors perpetrated 6,178 ransom attacks per day. In Canada, 77% of organizations targeted by these attacks have responded to the threats by paying a ransom to protect their confidential data and sensitive information. In contrast, in the United States, a mere 3% of organizations responded to the threats they received. These statistics are a good indicator of the maturity of Canadian information security and cybersecurity programs.
- The average cost of a security breach for an SME is $879,582. This figure includes the direct costs (ransom, data recovery, getting the business up and running again) incurred by ransom attacks but does not take into account the indirect costs of loss of reputation and decreased business productivity.
- According to the CISO, in North America, there is a shortfall of 3.5 million certified cybersecurity resources and talents to reach by 2020.
- In the first half of 2019 alone, 1G of personal information was stolen by both external and internal malicious attack vectors (insider threat).
- It takes, on average, 206 days for an organization to discover a security breach in its system, giving malicious actors a considerable time advantage to execute their plan.
Phishing and Ransomware: The Trojan Horse of Scammers
Cybercriminals look to capitalize on the COVID-19 crisis and fears as well as organizations’ computer security loopholes to defraud employees who often work from unsecured remote desktop environments through which they trade sensitive data via email. This environment creates potential for virtual intrusions and makes it easier to endanger infrastructures and digital assets.
Among the main methods deployed by scammers, phishing is the cause of 95% of cybercrime incidents. Scammers use lucrative schemes with fraudulent attachments and links or malicious software to penetrate computer systems and commit identity theft.
Through data filtration and backup encryption, ransomware is the last line of attack that scammers use to extort money from users who have had their backs pushed to the wall.
These two fraudulent methods combined lie dormant in the IT system at first but then spread sideways until they grab hold of the system and network, and escalate privileges within it.
Detection, Prevention and Remediation: The Heart of the Matter
Organizations are advised to acquire a robust, reliable and high-performance defence to address the danger they face and protect their digital assets. Proper equipment includes strong cybersecurity and information security practices implemented by a trusted IT partner, combined with an active IT monitoring strategy.
To this end, r2i and its team of security analysts can provide you with expert support by analyzing your situation, identifying preventive solutions for a strategy tailored to your needs, and setting up an effective system for monitoring your digital assets in real-time, 24/7/365.
With our expertise and know-how, we can help you gear your organization to significantly reduce the level of attack to which you are exposed. Our security solutions will enable you to prioritize actions and protect your resources immediately.
Feel free to contact us with your questions and to take action with a custom solution suited to your situation.
Be sure to watch our webinar “La cybersécurité à l’ère du coronavirus : plus importante que jamais” which we have put together with Vars Corporation. You will learn more on the topic, raise your awareness of the risks associated with cyberattacks, and gain a better understanding of this global phenomenon that is of great concern to businesses here and abroad.
To view or download the video of the Webinar (in french), please complete the form below: