The coronavirus pandemic has truly changed the way that we work. Unfortunately, this has also been the case for cybercriminals who’ve had a busy and lucrative time during the pandemic. A new study conducted by cybercrime experts from the Australian Institute of Criminology (AIC) and Flinders University has revealed that cybercrime has significantly increased during the pandemic.
The study involved 12,000 Australians and discovered that one-third of the adult population had been victims of pure cybercrime in their lifetime. Additionally, a further 14% reported disruption to their network systems within the last year, indicating an increase in frequency during the COVID-19 pandemic.
Occurring across the world, it appears many hackers and cybercriminals have taken advantage of a global pandemic and sought to capitalise on the shift to remote working.
What does cybercrime look like?
Whilst cybercrime was an issue pre-pandemic, many of the threats have intensified due to opportunities that have arisen due to the Covid-19 outbreak.
Cybercriminals have been able to ransom millions of dollars from businesses and individuals during the pandemic, using tried and tested scams such as:
- online scams and phishing
- disruptive malware (such as ransomware)
- data harvesting malware
- malicious domains
- fake news
A pandemic of online crime
According to the study by the Australian Institute of Criminology (AIC) and Flinders University, only a tiny fraction of the financial losses are recovered by the victims of cybercrimes. Additionally, the study indicated that roughly 2.8 million Australians had fallen victim to cybercrime during the pandemic.
The experts believe that Covid-19-related economic disruptions have created the ideal conditions for opportunistic cybercriminals to take advantage. According to the study, Cybercrime has cost Australia’s public, government and businesses an estimated $3bn.
What is pure cybercrime?
Pure cybercrime is the term for criminal activities against computer networks such as hacking, releasing viruses and malware, and distributed denial-of-service attacks. Utilising technology, cyber-enabled crimes make traditional crimes such as stalking, identity theft and fraud far easier to commit with fewer chances of being caught.
Russel Smith, a professor at Flinders University, said:
“Pure cybercrime is a highly profitable criminal activity and results in substantial financial losses to Australians. On current information, as cybercriminals become more sophisticated, it’s clear the need for additional expenditure on prevention will need to increase.”
What’s caused the increase in cybercrime? Working remotely and its risks
During the pandemic, the huge shift to remote employment has created a new target for cybercriminals due to many employees working from home and using their personal smartphones and computers. Working from home already doesn’t guarantee the same level of cybersecurity as an office environment.
In addition, many small and medium-sized businesses have a ‘Bring Your Own’ approach to devices, meaning employees can use their own devices to access corporate information. Combine this with personal devices - which aren’t as secure as corporate networks - and users will find themselves more exposed to cyberattacks.
Furthermore, the rise in remote work also saw more companies embracing cloud services, which then found themselves falling victim to cybercriminals.
Those working in financial services, healthcare, public administration, and retail have been the most attractive targets to criminals. Financial service and insurance executives experienced the most significant rise in ransomware and phishing attempts in the past year. Health care organisations have also frequently been targeted by ‘misdelivery’ attacks, which fool victims into sending their data to fraudsters.
Attacks such as phishing and ransomware that threaten to publish private data unless a ransom is paid have become increasingly popular. This is due to ransomware and hacking tools becoming commercialised and simplified over the last 18 months.
This has meant that cybercriminals have no longer needed programming or coding skills to successfully commit a ransomware attack.
Are businesses adequately prepared for cybersecurity risks?
The pandemic and the need for remote working has created many challenges, especially for SME companies. They haven’t been prepared for the massive rise in sophisticated cyberattacks, and there needs to be a lot of progress made to raise awareness of the need for increased cybersecurity.
In their haste to get staff set up and working remotely, some companies haven’t always made cybersecurity the priority that it needs to be. This may result in some companies not doing stringent checks into personal devices to ensure they’re equipped with security protections - before their employees access company data. Or they’re relying on VPNs to do a job that they’re not designed for.
Companies can utilise security measures without being intrusive to their employee’s devices or privacy. For example, host checking validates specific requirements on personal devices before allowing access to corporate applications.
Ways to protect yourself: How companies and employees can increase cybersecurity
There isn’t a simple solution to cybercrime, but we recommend a few simple steps to help reduce the risk of a data breach:
- Use antivirus protection
- Cybersecurity awareness within the organisation
- Phishing awareness and prevention training for staff
- Home network security
- Use a Virtual Private Network (VPN)
- Identify weak spots within your organisation’s network
- Undertake frequent reviews that evaluate your cybersecurity risk exposure
- Utilising hardware issued by the company instead of a Bring Your Own approach
What have we learnt from the pandemic and the rise in cybercrime?
We’ve all learnt a lot from the pandemic about ourselves and the way we work. The best way to successfully limit the risks of cyberattacks is to be adequately prepared. Companies and organisations with the ability to quickly react have found themselves able to reduce the impact of a cyberattack.
Where possible, corporate-owned devices should be the standard for companies allowing remote access to confidential and sensitive data. However, where corporate data can be accessed from a personal device, cybersecurity should be assessed to minimise the risks.
The sad reality is that companies need to be prepared for the ‘when’, not ‘if’ they get attacked and recognise the impact of a data breach or ransomware can be devastating. With this in mind, there are ways to reduce the likelihood of a cyberattack and the damage caused. But this will require a cyber strategy and planning, with investigation into remote working practices to ensure compliance with optimal security measures.
At Lokava, we work closely with businesses to improve efficiency by solving issues through innovative software solutions. If you’d like to know more about how we can help your organisation, why not book your free consultation call today?
Sign up to receive content straight to your inbox.