3 Ways the Pandemic Changed Cybersecurity Forever

Here's how the pandemic has changed key areas of cybersecurity, and what the future holds for each of them.

cyber-security

March 2020 brought in a new way of living around the globe. It’s one of those historical cleavage points, whereby time is measured before and after.

Nowhere has that cleavage been more apparent than in cybersecurity. There was cybersecurity pre-pandemic, and there’s now cybersecurity post-pandemic. Since the pandemic, the following have been brought into the public consciousness:

  • Ransomware
  • Business Email Compromise
  • Collaboration Apps

These terms went from insider cybersecurity items to topics of dinner table conversations.

In this article, we’ll discuss how the pandemic has changed these three particular areas of cybersecurity, and what the future holds for each of them.

Ransomware

If ransomware was a nebulous term that made you think of pirates before last year, then that is no longer the case. Ransomware is everywhere. Ransomware at hospitals. Ransomware days at your local school. Ransomware attacks cause potential gas shortages. Ransomware attacks cause potential beef shortages. Ransomware attacks bring businesses and industries to a halt.

Why did ransomware suddenly take off? It comes down to a fairly simple equation:

Data + accessibility= more attacks.

Now, more than ever, data is everywhere. When the world turned to remote work, the data that drives business decisions moved online and became accessible to everyone. What didn’t happen was security controls adjusting to this new normal. For example, one study found that 87% of organizations don’t have the proper personnel to defend against attacks among health care organizations. For hackers, breaking down defenses has never been easier. And with data everywhere—from the personal data that schools and hospitals hold, to the financial data that businesses hold—it’s a gold mine.

Without proper protection, ransomware will increase. And more businesses and institutions will suffer.

Business Email Compromise

Despite being a very simple attack method, Business Email Compromise (BEC) is incredibly successful. BECs, which spoof a trusted user to convince a recipient to share valuable information or send large amounts of cash, have skyrocketed during the pandemic. According to research from Avanan, BECs make up 20.7% of all phishing attacks. Further, according to the Internet Crime Complaint Center (IC3), BEC attacks caused at least $1.8 billion in damage in 2020. BECs work because they are hard to stop. Without any malware or malicious links, these messages often get past traditional email scanners. And since the email purports to come from an executive, it’s difficult for lower-level employees to ignore it. Until traditional scanners can better handle attacks, that $1.8 billion damage number will skyrocket.

Collaboration Apps

Though employees were using Slack and Microsoft Teams before the pandemic started, the usage of these apps exploded exponentially as folks started working from home. Since the start of the pandemic, Tehave has grown by over 100 million users. However, these apps are inherently not protected. Data leakage protection is minimal, so sensitive information easily flows between departments or even outside the organization. Links and documents aren’t always scanned for malware. Plus, it’s incredibly easy to impersonate users and carry out impersonation attacks.

Hackers have begun devising novel attacks for these platforms, as they know the protections are lacking. Further, end-users tend to be more relaxed while using these apps, tossing traditional cybersecurity judgment off to the side.

As work begins to transition to these apps, the attacks on them will only increase.

Conclusion

Cybersecurity is different. The attack surface has broadened. New attacks are incredibly successful and valuable for hackers, and protections against them haven’t always caught up.

The pandemic has taught us to be prepared for the unexpected. That adage has never been truer in cybersecurity.