In an article in the Sunday Times on 12th July, Poppy Gustafsson (CEO and co-founder of cyber-security firm Darktrace), pronounced that lockdown has fuelled a cyber crimewave.
She’s right. Organisations are far more vulnerable now than they were 6 months ago. Just about everyone has had to adapt, at speed, to a digital workplace, and the consequences are far wider reaching than a plethora of empty office blocks in town centres and an increase in ASOS’s trading figures!
It’s far more difficult when you have staff working from home to guard against the susceptibility of cyber-attacks. As Gustafsson stated in the article: “The Covid-19 outbreak has raised the threat of cyber-attacks to critical levels. Remote workers are targeted by increasingly elaborate scams, with hackers preying on their loneliness and desire for information.”
It’s a worrying fact that the biggest increase in cyber-attacks during lockdown has been from the “enemy within”, with cyber-criminals posing as co-workers and sending fake emails with malicious links. These days it’s significantly more sophisticated than the old “Nigerian prince needing your bank details to gain his inheritance” type scam. Look at what happened to Twitter last week – a very costly internal breach carried out by tricking or otherwise persuading an employee to provide access – known as a spear-phishing attack.
Social distancing and remote working have exacerbated this “enemy within” type of attack.
The speed and circumstances in which the digital workplace transformed for the majority of us mean many organisations are struggling to keep pace and make their infrastructure safe, secure, and reliable enough to handle home working.
Cloud adoption has increased significantly to support remote working, as businesses realised that on-premise servers and systems weren’t set up to allow remote access. This has led to huge pressures on IT teams in terms of ensuring security – often whilst at a distance themselves. These are developments that might have been on an IT roadmap for the future – one that was carefully thought out, but wasn’t necessarily planned for immediate deployment – and certainly not at the speed at which they had to be implemented.
Combine this with the other key IT security challenge being faced during lockdown – the significant increase of not necessarily tech-savvy workers now fending for themselves at home – all juggling emails, MS Teams/Zoom calls, partners, home education, children, pets, etc.; plus the fact you can’t just shout across the office to ask Barbara if she really did send that email with the attachment just now or not, and you suddenly find yourself with a large number of company employees who are more susceptible to clicking on links that may contain malware.
Additionally and perhaps even more worryingly, these days the baddies/hackers/cybercriminals seem to be the innovators – with the agility, innovation, and sense of purpose that most organisations can only dream of.
Gustafsson likens it to the “weaponising of AI” – an arms race between the cyber security specialists and the hackers. Who’s got the strongest mathematical algorithms? Who can innovate fastest in the increasingly sophisticated battle of AI vs AI? It may sound like something out of a work of fiction, but it’s not. It’s a huge threat to all organisations and businesses, particularly utilities, health services and even governments (which is a whole separate paper), but what is clear is that cyber warfare is the new big risk of today.