The Rise of Hacking During the Pandemic
It’s big and not going away
After two major cyberattacks on my small business in the past year, I had to wonder. Was I being targeted for writing about cybersecurity, or is this a wider problem? Digging into some research raised my awareness of some alarming statistics for all levels of business, personal computing and internet connected devices.
A widespread problem
Turns out, the rise in cyberattacks is not just a problem; it may be considered a pandemic-inspired crisis. The U.S. Federal Trade Commission received 1.4 million reports of identity theft in 2020, double the number of incidents from the previous year. Most cases took advantage of people laid off as a result of the pandemic, with fraudsters filing unemployment benefits in the victims’ names. As employees moved from the office to home, system vulnerabilities were opened up for hackers. And this is just the tip of the iceberg.
2020 broke all records when it came to data lost in breaches. Overall, the number of breaches has soared across all sectors, ranging from government entities to entire industries such as health care, big and small companies and individuals. A vast majority of IT professionals do not have confidence companies are adequately protected, even with significantly larger investment in cybersecurity.
According to a study by the University of Maryland A. James Clark School of Engineering, malicious hackers are now attacking computers and networks every 39 seconds. Phishing scams are still wildly popular, as they are easy to execute. Google reported 2.14 million phishing sites in January 2021, up from 1.69 million in January 2020. Once a malicious link is clicked or a user voluntarily submits information, systems are compromised. According to a research study conducted by Deep Instinct, malware increased by 358% in 2020, and ransomware increased by 435% over 2019. Distributed denial-of-service (DDoS) attacks are also on the rise, with more than 10 million in 2020 disrupting or crashing servers, making a company’s network resources unavailable.
Tech writers and security experts can continue to issue warnings and profile high-profile breaches, but we all must improve our state of readiness. Across the board, from personal computers to large corporate systems, our cybersecurity is dismal. It’s time to act—using stronger passwords, improving employee work from home procedures, patching software and employing multi-factor authentication. Making cybersecurity a larger part of business budgets is essential, too.
10 Best Practices for Stronger Device Security
The U.S. Federal Trade Commission received 1.4 million reports of identity theft in 2020, double the number of incidents from the previous year. Most cases took advantage of people laid off as a result of the pandemic. And, as employees moved from the office to home, system vulnerabilities were opened up for hackers. In fact, 2020 broke all records when it came to data lost in breaches.
But there are ways that each of us, from the individual telecommuter or smallest business operation, all the way up to large corporations, can do better in cybersecurity.
The economics of cybersecurity
Cybercrime cost $6 trillion globally in 2021, and is expected to increase 15 percent annually to $10.5 trillion by 2025. Along with the number of breaches, costs have been rising over the past few years. In 2020, the volume of breaches expanded as shifting to a remote workforce added many vulnerabilities for hackers to exploit. Automated attacks are also on the rise, boosted by hackers’ ability to convert cryptocurrencies via ransomware.
On the flipside, those companies working in cybersecurity are expected to do well. The cybersecurity market is forecasted to be worth $403 billion by 2027.
Demand for cybersecurity professionals is rising much faster than other industries. The Bureau of Labor Statistics reports cybersecurity professionals can expect job growth of 31% between 2019 and 2029. The current national average wage for a person working in this field is $112,974 per year, according to Zip Recruiter.
Is technology advancing faster than cybersecurity can handle?
This could be an article all in itself. As we zoom forward on the interconnected super highway of technology, the security implications are vast. It is not just about protecting a company’s system or servers, but all touchpoints to that system, extending outward to supply chains and all B2B connections. Multiple technologies, including the Cloud, IoT devices, machine learning, artificial intelligence and 5G, all have cybersecurity challenges. Meanwhile, techniques among bad actors are getting more sophisticated, including use of Open Source information and Deep Fake technologies, with collaboration among hacker groups, sometimes at a very high level.
The recent SolarWinds attack is a good example. Believed to be linked to the Russian government, a hacker group gained access to computer systems belonging to multiple U.S. government departments, including the U.S. Treasury and Commerce Department. The campaign started around March 2020 and triggered an emergency meeting of the U.S. National Security Council.
Hackers got in by compromising the infrastructure of SolarWinds, a company that produces a network and applications monitoring platform called Orion. They then used that access to produce and distribute trojanized updates to the software’s users. Among customers affected were 425 of the US Fortune 500, the top ten U.S. telecommunications companies, the top five U.S. accounting firms, all branches of the U.S. Military, the Pentagon, the State Department, as well as hundreds of universities and colleges worldwide. The SolarWinds attack also penetrated the software’s supply chain, allowing hackers to access third-party vendors, potentially gaining access to all customers that use those vendors. Included in the supply chain attack were two big names in cyber security—FireEye and Malwarebytes—as well as Microsoft.
Companies, and even government agencies are still playing catchup in cybersecurity. A 2019 Varonis Global Data Risk report found mass sensitive files open to all employees at 53% of companies. However, there certainly is more attention and more budget spend going toward cybersecurity in 2021, so there is hope.
Good cybersecurity hygiene and developing immunity
There are ways that each of us, from the individual telecommuter or smallest business operation, all the way up to large corporations, can do better in cybersecurity.
For larger industries, cybersecurity statistics can help point out gaps and growing threats companies should be addressing. Risk management is evolving to be more agile to adapt to new challenges. The statistics contained in this report should serve as a warning to take risk management more seriously.
Small companies, including those with a remote workforce, please see this article on security and best practices.
If you don’t have an IT person or department, it is even more important to be tech savvy. Stanford Online offers a free course in basic web security. While not a comprehensive dive into cybersecurity, it is “a valuable starting point for software and security professionals as well as individuals interested in the field of cybersecurity who have some technical background,” according to the school.
Individuals, single entity-businesses and contractors, heed and follow through on the basic advice I and other tech writers have imparted:
- Keep your software and operating system up to date.
- Use anti-virus protection and your operating system’s firewall.
- Use strong passwords and a password manager.
- Use two-factor authentication.
- Learn about phishing scams and how to identify them.
- Protect your sensitive personal information, including your name, address, phone numbers, date of birth, social security number, IP address and location details.
- Address mobile security too, including using a secure passcode, keeping your device updated and other privacy protections as you would an office computer.
- Back up data regularly.
- Avoid public WiFi (or if you have to, use a VPN).
- Review your online accounts and credit reports regularly for changes.
Paying attention to cybersecurity can seem overwhelming at any level, but there is a payoff. The attacks my small business suffered in the past year were each thwarted by using best practices plus five layers of security—firewalls and other protections in Windows 10, a password locker, an encrypted drive for all sensitive information and two additional layers of antivirus and antimalware protection. There were also other virus threats that were identified and eliminated by my security software. Those that did get through were time consuming to resolve, but there was no data compromised or lost.
In today’s world, it is not a matter of if a cyber attack will happen to you, but when. Be prepared and you will minimize the impact.