色多多视频

 
色多多视频
色多多视频
Product Family
Product Family
Industries
Industries
Reinsurance
Reinsurance
Explore our offerings
Explore our offerings
Claims
Claims
Risk Consulting
Risk Consulting
Resources & Tools
Resources & Tools
Resources and Tools
Resources and Tools
About AXA XL
About AXA XL
About AXA XL
About AXA XL
Media Center
Media Center
Careers
Careers
Get In Touch
Get In Touch

What will the cyber landscape look like now that a pandemic has hit?

By

Just as criminals prey on victims when they are at their most vulnerable, for example, after a natural disaster, COVID-19 will be no different. Since the pandemic hit, we have seen an explosion of phishing and malware campaigns, with many of our own contacts reporting up to a 300 percent increase in phishing attacks since February 20201  (many posing as COVID-19 information or resources).

The uptick in attacks couldn’t be happening at a worse time. As businesses operate from remote locations, IT resources are stretched thin and employees, facing a multitude of new challenges working from home, will invariably struggle to remain as vigilant to cybersecurity threats as they are under normal working conditions. 

And yet, it’s at times like these when more than usual vigilance is required. Employees working remotely may have less secure connections, including Wi-Fi connections and shared devices. Remote workers will also have plenty of distractions that can divert attention and increase the likelihood of a phishing email being overlooked.

In the short term
Under regular circumstances, corporations globally suffer cyber losses amounting to trillions of dollars annually. For example, according to one study, the forecast for the global cost of cyber crime pre-pandemic was expected to . Now that companies are thrust into conducting business from multiple locations with little or no preparation, that number is likely to increase.

As companies rely on unfamiliar technology, such as video conferencing tools, and as employees connect to company servers using unsecured devices, increased opportunities for cyber attacks will continue to push that total higher.

Other areas of vulnerability include:

  • Online video and chat sites
  • Home routers and Wi-Fi connections
  • Mobile devices (typically, these have less security)
  • Popular apps, including shopping apps, that could have security gaps

While all industries are vulnerable, hackers are paying particular attention to organizations in and around the health care, pharmaceutical and research sectors, while also targeting academia, financial institutions and e-commerce businesses.

As IT professionals scramble to update systems, install patches, and help businesses secure remote operations, hackers will increase their efforts to gain access to company networks via any method they can.

 

Looking ahead, we forecast the following trends...

Looking ahead, we forecast the following trends:

  • Increased scope for social engineering: Social engineering has always been a successful attack vector for hackers. Hackers will know that employees will now need to communicate with IT and with management remotely, and they will look to exploit that need. Hackers can pose as IT support, as representatives of the company’s financial departments, or as managers in the company requesting sensitive company information, for example.
  • More opportunity for physical access-based attacks: With offices now standing empty, these are now also highly vulnerable. Hackers may attempt to gain physical access and either steal your devices or easily install malicious hardware or software on them.
  • Software vulnerabilities: Manufacturers are rushing out new update releases or new software versions in an attempt to respond to businesses needing remote operational capabilities. However, there may be overlooked security issues that emerge from this. The same applies to current software. If security updates are rushed without proper testing, your systems may be even more vulnerable once your company devices are updated.
  • Theft of video conferencing credentials: As each employee logs on to your video conference app or website, a hacker could be looking in, as well. Hackers can post video conferencing credentials on the dark web, which leaves your company’s proprietary information – and in some cases, your entire systems – open for anyone to steal. When setting up video conferences, be sure to use passwords and use the waiting-room feature so that you’re able to screen who is attempting to join your meeting. For optimum safety, change passwords for each video conference.
  • COVID-19 phishing messages: While phishing attempts were already a problem pre-pandemic, remote workers can now expect to see emails impersonating officials from the Centers for Disease Control and the World Health Organization, among others. Once an employee clicks on a link, they could be taken to a website that looks legitimate but is actually a dummy site set up by hackers to mirror sites of legitimate organizations. Hackers recently constructed one such dummy site to mirror that of the Internal Revenue Service’s site for government stimulus payment information.

Protecting your remote operations
How should companies be addressing these heightened cyber security risks with employees? Consider taking the following steps:

  • Talk to employees: Open the lines of communication with your employees about the risks they face. Many companies are setting up conference calls and email threads that discuss these heightened risks and what employees should do if they encounter a suspicious email or other request. Depending on the type of business you operate, the frequency of that communication will vary.
  • Reinforce communication: No matter how often you talk with employees, do follow ups on email communications with a video conference. Employees can then discuss how to best address potential threats, and they can be part of building the reporting process. Conference calls are a great time to emphasize that no concern is too small. Over-reporting of any potential issue should be encouraged.
  • Establish a clear reporting process: When an employee receives a suspicious email or phone call, what should they do with it? Your employees need to have a way to report suspicious activity that includes:
    • Where to report
    • What actions they need to take
    • How the report will be handled
    • When they can expect a response
  • Simplify the process with automation: Set up a dedicated email inbox that routes emails directly to the IT support staff and determine a response time that fits within your organization’s capabilities. Some companies are able to offer 24-hour support, but that may not be feasible for your company. Some organizations have icon-style buttons on their email applications that allow employees to move any suspicious email easily into a dedicated portal that is controlled by IT. The IT team can then examine the email and determine its legitimacy.
  • Educate your workforce: The most critical – and the most often overlooked – aspect of cybersecurity is educating and training the workforce. In order to report issues, your employees need to understand how to identify them. Even in a remote environment, your company can help employees spot phishing emails through tabletop exercises and quizzes to assess their level of preparedness. Follow-up video conference calls can reinforce your company’s cyber best practices.
  • Set clear expectations: Set clear expectations on what your employees can and cannot do. With additional platforms and applications, employees can become frustrated quickly with having to remember login credentials for each system. You should therefore emphasize the importance of not disabling encryption and password protection in software. Do not allow any employee to reconfigure devices to remove some of their security protocols. These systems are essential to protecting company data.

Remote cybersecurity, today and beyond
As the impact of the COVID-19 pandemic continues to drive businesses into remote operations, cyber criminals will be emerging in greater numbers and attacks will rise in frequency. The sharp spike in phishing and malware attempts can be expected to continue well into 2020 as the world grapples with both the health risks and the economic impact of COVID-19

Whether businesses are operating remotely on a temporary basis or more permanently in the future, cyber crime will continue to be a threat to their viability. By increasing your employees’ awareness along with your company’s own diligence, you can add an extra level of cyber protection and keep your business thriving through this period of uncertainty.

To contact the author of this story, please complete the below form

First Name is required
Last Name is required
Country is required
Invalid email Email is required
 
Invalid Captcha
Subscribe

More Articles

Quick Links

Subscribe to Fast Fast Forward

  • Related Resources

A computer screen with lines of code running in various colors
Fast Fast Forward
As businesses around the world implemented a work from home (WFH) operating model, IT, security and management teams worked hard to facilitate a strong and secure infrastructure. WFH operations present significant cyber risks if all aspects of security were not properly considered. In the rush to keep businesses up and running when the pandemic hit, was anything missed?
Cyber security in the time of coronavirus
Fast Fast Forward
With the ongoing spread of coronavirus, government guidance is changing rapidly. In many countries, healthy individuals are being asked for the first time to avoid unnecessary public exposure, for example at large gatherings, on public transport 鈥 and in the workplace.As a result, many businesses around the world are now either planning for or actively implementing a business model involving far more remote workers than they had ever anticipated. IT and management teams are hard at work on the infrastructure and organization to facilitate this. In the rush to keep businesses working, there is a significant risk that security will not be properly thought through.
cyber risk assessments
Fast Fast Forward
To manage your company鈥檚 cyber risk, you must first determine what your risks are, how an assessment will be applied to mitigate those risks, and which risks are primary. That way, you can conduct a risk assessment that fits within your organization鈥檚 needs.

Global Asset Protection Services, LLC, and its affiliates (鈥溕喽嗍悠礡isk Consulting鈥) provides risk assessment reports and other loss prevention services, as requested. In this respect, our property loss prevention publications, services, and surveys do not address life safety or third party liability issues. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. The provision of any service does not imply that every possible hazard has been identified at a facility or that no other hazards exist. 色多多视频Risk Consulting does not assume, and shall have no liability for the control, correction, continuation or modification of any existing conditions or operations. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any document or other communication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, 色多多视频Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with our services, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued 色多多视频 Policies

In the US, the 色多多视频insurance companies are: Catlin 色多多视频 Company, Inc., Greenwich 色多多视频 Company, Indian Harbor 色多多视频 Company, XL 色多多视频 America, Inc., XL Specialty 色多多视频 Company and T.H.E. 色多多视频 Company. In Canada, coverages are underwritten by XL Specialty 色多多视频 Company - Canadian Branch and AXA 色多多视频 Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following 色多多视频surplus lines insurers: XL Catlin 色多多视频 Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor 色多多视频 Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.

THIS AXA WEBSITE USES COOKIES

色多多视频 as a controller, uses cookies to provide its services, improve user experience, measure audience engagement, and interact with users鈥 social network accounts among others. Some of these cookies are optional and we won't set optional cookies unless you enable them by clicking the "ACCEPT ALL" button. You can disable these cookies at any time via the "How to manage your cookie settings" section in our cookie policy.

Find Out More About the Cookie Policy Privacy Notice
Accept All
Refuse All
Cookie Settings