According to the Consortium for Information and Software Quality (CISQ), cyber resilience involves building a system that can endure malicious attacks and continue working in unexpected circumstances. In the wake of the COVID-19 pandemic, many businesses in the U.S. have adopted teleworking. While teleworking helps to prevent the spread of COVID-19, it has made companies more vulnerable to cyberattacks. In fact, according to Open Access Government, telecommuting increases the risk of cyberattacks. Because of this, both large and small businesses should boost their cybersecurity operations. Here are four reasons why businesses of all sizes need to be cyber resilient in a COVID-19 world.
Telecommuting Has Created an Easy Point of Attack
According to Brookings, up to half of the workers in the U.S. are working from home, which is more than double the number working from home between 2017 and 2018. While teleworking has many benefits, it makes it easier for cybercriminals to infiltrate a business’s network through the loopholes created by a decentralized computer network. For example, globally, 30% of workers have clicked a phishing link, according to a recent study by Webroot. One of the reasons for this is that people are more likely to be distracted by TV or household chores when working from home, and therefore are less likely to notice potential phishing messages. For this reason, cyber risk professionals must stay up to date with the cyber risks associated with teleworking and take the necessary measures to make their organizations cyber resilient.
New Cyber Threats
According to William Towers Watson, the most common data breaches pre-COVID were application vulnerabilities, malware, and weak passwords. During COVID-19, the top methods of cyberattacks threats include:
- Phishing attempts using COVID-19 and coronavirus subjects
- Using COVID-19 and coronavirus words to register new domain names, which host malicious sites
- Distribution of malware
- Attacking new remote access and teleworking infrastructure
A recent industry study has shown that cybercriminals are increasingly targeting small businesses because they are unlikely to have a robust cybersecurity system. Consequently, smishing and vishing attacks on small businesses have increased significantly.
Remote Access Threats and VPN Vulnerabilities
Employees working from home still require access to the business’s system. Many organizations use virtual private networks (VPNs) and multifactor authentication to enable employees to access office systems remotely over the internet. Some of the common strategies that cybercriminals use to attack VPN networks include Distributed Denial of Service (DDoS) attacks and Domain Name System (DNS) hijacking. According to the U.S. Computer Emergency Readiness Team (CERT), a remote attacker can control a targeted system by exploiting these vulnerabilities.
A cyberattack can cause a business to incur substantial financial losses. In fact, the average cost of a data breach is around $4 million, as reported by IBM. According to Deloitte, the hidden costs of a cyberattack include:
- Increased cost of debt
- Higher insurance premiums
- Operational disruption
- Lost contract revenue
- Lost value of customer relationships
- Reputational damage
These are some of the reasons why businesses need to be cyber resilient in a COVID-19 world. At Hoffman Brown Company, we are always on the lookout for more information on how our clients can stay safe and protected. We are ready and waiting to help you find reliable and responsible insurance for your business. Contact us today to get started!