Insights From Verizon’s COVID-19 Breach Landscape Report
Verizon recently released an update to its 2020 Verizon Data Breach Investigations Report examining the impact of the COVID-19 pandemic on cybersecurity. It looks at how our changing work patterns for dealing with the crisis are open for potential exploitation by hackers.
The report found increased security vulnerabilities and the emergence of new cyberattack tactics. Verizon associates these with the new reliance on remote workers, as many industries move to having their employees working almost exclusively virtually.
Many companies already had a ‘remote working’ strategy and security plans in place. However, others have been left scrambling in their attempt to transition to home workers while remaining secure.
Verizon’s report highlights four specific cyber challenges that have emerged this year as a result of the pandemic: (1) the continued increase in human error, (2) the focus on stolen credential-related hacking, (3) the spike in the use of ransomware, and (4) phishing emails’ manipulative play on emotions.
Below, we dive deeper into each of these four themes from their report.
1. Increased human errors due to distractions when WFH
A workplace isn’t free from distractions. However, escaping them while working from home can be particularly difficult for parents with young kids, pet-owners and young adults with well-meaning, but sometimes intrusive, parents. Not to mention, there is an increased workload on a fewer number of employees.
Additionally, IT teams have been rushing to enable remote working systems. Frequently, this involves implementing unfamiliar new software.
All of these factors have led to a rise in human errors. And many of these have amounted to security breaches. According to Verizon, one-quarter of all breaches have been attributed to human error.
2. Over 80 percent of breaches were caused by stolen or brute-forced credentials
Verizon’s 2020 Data Breach Investigations Report found that breaches caused by stolen or brute-forced credentials were already spiking. These contribute to over 80 percent of breaches in the hacking category.
With the rapid switch to remote working, IT departments were suddenly responsible for securing networks and company assets for a more spread out workforce. This was all while they handled an increase in daily requests from a now remote workforce.
3. Increased use of ransomware by cybercriminals
Given recent high-profile ransomware attacks on companies like Garmin and Canon, it may be unsurprising that Verizon’s report found an uptick in ransomware incidents during COVID-19.
Verizon has not included ransomware attacks in the original investigations report dataset, since they do not typically result in compromised data. However, Verizon identified several ransomware incidents in their current dataset that did result in data being stolen. Bad actors even posted that data publicly for other bad actors to see. This suggests that ransomware attacks may not just be increasing, but also advancing.
4. Manipulation of people’s emotions in phishing emails.
Phishing is perhaps the most old-fashioned tactic to target vulnerable groups. It’s also one of the most damaging, since it can have serious and long-term consequences.
With the onslaught of COVID-19, cybercriminals have been able to target a larger audience. They use information about the virus, testing and vaccines to drive people to click on their malicious links.
COVID-19 cases are rising again on both a national and global scale. Remote work may be around for longer than organizations had originally anticipated.
Further, with companies like Twitter and Google announcing permanent WFH workforces, more consumers and businesses will be vulnerable to cyberattacks.
As Verizon points out in their report, ‘no matter what events are taking place in society, it just becomes grist to the mill for criminals who launch phishing attacks.’
[Related: PCI DSS Comes Under the Spotlight in Verizon’s 2020 Payment Security Report]
How can we help?
Get in touch today to discuss our technology and your requirements.
Sign up for Knowledge Centre notifications
Never miss the latest blog, news, podcast or event. Sign up to be notified when we publish something new.