The shift from the traditional working environment to the digital space has accelerated following the outbreak of Covid-19 pandemic.
While working remotely will certainly be a major gain to companies as it will lead to a huge reduction in costs, the move will on the flip side expose firms to unprecedented catalogue of vulnerabilities.
Since remote working gained momentum thanks to the outbreak of the pandemic, there have been soaring cases of cyber-attacks, a pointer of the landmines that firms will have to navigate going forward should they choose to have their staff work permanently from home.
Now a new report says as more people and businesses work remotely and as technology advances and gets smarter, companies will be exposed to more dangers if they don’t make the necessary investment and take the requisite steps to counter the threats.
The survey, Securing The Next Normal, released on November 10 by Israel-based cyber security firm Check Point says the pandemic has spawned a ‘new normal’ that cyber security teams have to keenly focus on in a bid to build firewalls against attacks.
The report warns that increase in ransomware and botnet will be particularly of great concern in 2021 when 81 percent of global enterprises are expected to embrace remote working. Seventy-four percent of businesses worldwide, the survey indicates, plan to stick to working from home even when the pandemic is subdued. This means the possibility of attacks will always remain high
The report notes that the cyber threats will also mount as firms adopt 5G networks, and Internet of Things (IoT). Because these will mean more interconnected smart devices, the threats of attacks will also go up significantly. The risks will be as serious as the entire business operations of a company being captured and held to ransom by hackers through deployment of sophisticated software.
“The pandemic derailed business-as-usual for virtually every organisation,” says the report, adding that this will force them to set aside “their existing business and strategic plans, and quickly pivot to delivering secure remote connectivity at massive scale for their workforces.”
According to the study, seventy-one percent of security professionals reported an increase in cyber-threats since lockdowns were put in place.
The report urges security experts to be on the lookout for the situations that hackers are likely to cash in on.
“One of the few predictable things about cyber-security is that threat actors will always seek to take advantage of major events or changes – such as the pandemic, or the introduction of 5G – for their own gain,” says Pankaj Bhula, Check Point’s Middle East and Africa Regional Director.
To beat the threats, Mr Bhula advises organisations to be proactive and secure every nook and cranny of their operations, “or they risk becoming the next victim of sophisticated, targeted attacks.”
The survey says firms must now invest more in 2021 to better secure their new distributed networks and cloud-based platforms to keep their applications and data protected. To do this, companies must aggressively move to seal their networks’ loopholes comprising employees’ smartphones, IoT gadgets and cloud systems.
The reports says cyber criminals always look for soft targets in systems to stage an attack and compromise vital data.
Kenya, which is among countries rapidly embracing smart systems and devices, needs to be at the forefront in seeking solutions to counter the rising hacking menace.
Nairobi-based cyber security consultant Diana Waithanji says to adequately protect themselves against cyber threats, businesses and government agencies have to seriously review upwards the budgets for securing their systems and networks.
Companies, Ms Waithanji advises, must have in place a watertight IT security plan.
Businesses, he adds “should be ready to invest in cyber security because it’s much cheaper to be proactive than reactive”.
She advises firms to have a business impact analysis and a business continuity plan “so that processes do not stop after an attack.”
The hackers have latched on information on the pandemic to strike and extend their terror. They do this by purporting that the information they are peddling comes from genuine sources such as the World Health Organization (WHO).
Even the news of the Covid-19 vaccine is a fertile ground for cyber criminals to use in phishing campaigns, the report warns, noting that pharmaceutical companies developing vaccines will be highly targeted by hackers and nation-states looking to take advantage of the situation.
Cyber criminals target corporates using e-mail-based attacks such as phishing and ransomware, “purporting to be from official organisations such as the World Health Organisation,” says Mr Antony Muiyuro, senior manager and cybersecurity lead at Ernst and Young East Africa.
Digital learning, says Check Point, will also be another domain that hackers will be salivating to attack. Therefore, schools colleges and universities are being called upon to secure their e-learning platforms, taking into account that the sector experienced a 30 percent increase in weekly cyber-attacks globally in August, according to the report.
The survey projects that ransomware – where hackers first extract large amounts of sensitive data, prior to encrypting a victim’s databases – will be one of the commonest form of attacks.
The attackers, notes the research, will threaten to publish that data unless their demands are met, applying more pressure on organisations to meet the criminals’ demands.
“Hackers have developed many malware families into botnets, to build armies of infected computers with which to launch attack,” the study says.
Dr Bright Mawudor, head of cyber security services at Internet Solutions, notes that malicious WhatsApp links and decoys are being spread in Kenya and have been preprogrammed to access particular private information.
“Beware of these links being shared on WhatsApp and e-mail. You must avoid typing into links that purport to reset already hacked smartphones. They are all fake and aim to compromise your company,” he warns.
Mr Mawudor says fake links of information regarding the new vaccine will have codes embedded in them, instructed to get all details about users, including their bank and mobile money passwords.
The report says Emotet, the most rampant malware in 2020, started as a banking trojan but has evolved to become one of “the most persistent and versatile botnets,” capable of launching a range of damaging exploits, from ransomware to data theft.
A new rising threat is where nations are likely to attack each other for critical information, espionage or to shape events in target countries.
The report says in 2021 deep fakes “will be weaponized” by criminals, with techniques for fake videos or audios being advanced enough “to create targeted content to manipulate opinions, stock prices or even elections”.
Earlier this year, a political group in Belgium released a deepfake video of the Belgian Prime Minister giving a speech linking Covid-19 to environmental damage and calling for action on climate change. Many viewers believed the speech was real.
“At a simpler level, audio could be faked for voice phishing – so that a CEO’s voice could be faked to bypass voice authentication,” says the report.
The totally connected, high-speed world promised by 5G will give criminals opportunities to launch attacks and cause disruption by targeting that connectivity.
“Telemedicine apps and devices will collect data about users’ wellbeing, connected car services will monitor users’ movements, and smart city applications will collect information about how users live their lives,” the study says.
Such massive volume of data from always-on smartphones and 5G devices will need to be protected against breaches, theft and tampering to ensure privacy and security against attacks, since most of this data will bypass corporate networks and their security controls.
“IoT devices and their connections to networks and clouds, are still a weak link in security. We need a more holistic approach to IoT security, with a combination of traditional and new controls to protect these ever-growing networks across all industry and business sectors,” the study concludes.