While 2020 might have been the year from hell for many people, hackers and other cyber criminals have enjoyed increased opportunities this year, taking advantage of national lockdowns and people working from home to target the vulnerable electronically.
That was the topic of an Aon-Barclays webinar on Thursday November 12, titled Cyber Security: Don’t Be The Weakest Link, which looked specifically at what criminals are doing and how people can protect themselves. The webinar was aimed at the insurance industry, which was described as a key sector for Barclays.
Hafi Ali, relationship director at Barclays, noted that businesses have been forced to provide lots more laptops to employees since they have started working from home.
Mike Brookes, head of cyber operations intelligence at Barclays, agreed that the world has changed thanks to COVID-19, in particular by blurring the lines between home and work. Damaging cyber attacks are now an everyday reality, he warned, while there is no difference between global and regional cyber threats.
“We’re all interconnected,” said Brookes. “And the shift to working from home has accelerated trends and shifts within the cyber criminal community. This is their business – their day to day job, it’s how they feed their kids. They’re the key innovators and they have shifted to target people working from home.”
Two key aspects of this targeting involve preventing people from doing business and the shifting of funds, said Brookes. The former is being achieved by denial of service (DOS) attacks, which slow computers down to a crawl, or by ransomware, by which a hacker locks a computer with invasive software and stops it from being used. The latter is less of a threat, although theft of intellectual property also has to be taken into account, he said.
The online audience was asked what they thought were the key challenges of working from home rather than in an office environment. More than half ( 53.3 percent) of the respondents cited equipment and technical support considerations, while a third highlighted security concerns. The remaining 13.3 percent said confidentiality was the key challenge.
David Molony, director of cyber risk consulting for EMEA at Aon, said that the poll results showed the wide range of issues and worries people currently face.
“Regardless of the pandemic we were going through a huge amount of digital transformation,” Molony said. “We were fundamentally changing the way we worked. If you take into account all of those changes that were happening anyway, and then the pandemic happened, altogether it has changed the way we all do business.”
For a major company of 100,000 people, work that would previously have been done at potentially hundreds of sites globally is now being done at 100,000 sites globally, he noted. “It’s a huge challenge for us from an infrastructure perspective to be able to keep pace with that changing environment,” Molony said.
The increased number of access points to company systems through people working from home has also increased the attack surface for hackers, Molony said, giving them more potential places to hack into systems. This can lead to some individuals feeling vulnerable as they cannot easily call on technical support from home – and this runs the full range of companies, from multinationals to small family-run firms.
Alex Colias, GDPR practitioner and information security consultant at Logicalis Guernsey said that everyone is doing their best to deal with a huge and varying amount of technology. Even those who normally worked from home are getting used to new things like teleconferences much more than they might have been used to, said Colias.
Hackers are also people trying to feed their families and are therefore working hard to try and make the most of any vulnerabilities due to more people working from home, Colias added.
“If one company wants to talk to you using one kind of video conference application, but another wants to use another kind of software, your attack surface becomes larger,” explained Colias. “Keeping on top of that can be difficult. But there are a lot of good practices you can do that are well-known and sticking to a few basic principles can allow you to go a long way. Multifactor authentication works, you need to keep everything updated – being aware of the basics and doing them well is important.”
The panel agreed that companies need to handle the basics of online security well to minimise the risk of being hacked. Backup systems are important and can shorten any kind of dedicated attack, as can even relatively unsophisticated encryption.
Audience members were asked what they see as the key threats facing businesses. Nearly half (46.1 percent) of respondents said phishing attacks, while 30.8 percent said not having secure passwords or encryption. Nearly a quarter thought being hacked was the key threat.
Colias confirmed there has been a significant increase in reports of phishing attempts, whereby a hacker sends an email that seems to be from a legitimate organisation, asking for confidential information. Staff need to be trained to recognise the signs of phishing, he added.
The panel agreed that training on cyber threats is crucial. People especially need to take password security seriously, making them as unique as possible and not using the same password on multiple websites, they said. As long as individuals and companies do the basics very well, that most should be able to thwart cyber criminals, the panel concluded.
People who are concerned about cyber risk should refer to resources that are available, including:
Aon, Barclays, Cyber, David Molony, Alex Colias, Mike Brookes, Hafi Ali