Cyber criminals are exploiting new security vulnerabilities brought on by COVID-19 and widespread homeworking, a new report from Aon has warned.
Published today in collaboration with risk analytics firm CyberCube, the report explains how homeworking has exposed new access points for hackers to gain entry to corporate systems, such as PCs, laptops and Wi-Fi routers.
Moreover, it has reduced employees’ distinction between work and personal emails, and led to increased use of insecure passwords, with staff also more likely to use applications that would be prohibited in the office.
In addition, the rapid rise of online shopping due to coronavirus lockdowns has exposed the public to a higher level of well-established cyber scams such as formjacking and spoofing.
“Insurers underwriting cyber risk will need to be very mindful of these changes and how they affect an organisation’s risk profile,” said CyberCube’s head of cyber security strategy Darren Thomson.
“These are new norms that need to be incorporated into their underwriting appetite in addition to well-established threats like ransomware, which shows no signs of diminishing.
“Indeed, homeworking may slow the ability of policyholders and insurers to respond quickly to ransomware infections.”
The report also highlights how criminals have exploited the public’s need for information on COVID-19 to create a range of social media and text message attacks, particularly in those countries worst affected by the virus.
It urges organisations that rapidly deployed new technology, applications, services, or systems at the onset of the pandemic to ensure they have implemented best practices in security configuration and architecture.
While rapid technology deployment may have been necessary, the report explains how it could have introduced undesirable security vulnerabilities in the environment.
“The lesson this report draws is that cyber security at home is a different animal to cyber security in the workplace,” said Jon Laux, head of cyber analytics, reinsurance solutions at Aon.
“Organisations are going to have to think more laterally. They’ll need to be more user-centric with a particular focus on employee’s own devices and the cloud-based applications they use.
“The traditional approach to cyber security must be replaced by something that recognizes users will operate in a decentralised and remote fashion. For large organisations, that’s going to create a lot of change management to handle.”
Author: Chris Seekings
Image credit: iStock