As the number of people using services online has ballooned over the last year due to the onset of the Covid-19 pandemic, the threat posed by cybercriminals around the world has grown even stronger. How can companies and governments alike deal with this coming storm?
For as long as cybercriminals have existed, the need for companies, governments and consumers to have cyber defences has run in tandem with them. However, with the recent great migration online fuelled by the Covid-19 pandemic, there has been a huge spike in cyberattacks, with more people at risk than ever before.
A recent report by the FBI’s Internet Crime Complaint Center found cybercrime complaints hiked by 100% between March 2020 and May 2021, with a staggering $4.2bn lost by cybercrime victims over 2020. The FBI claimed the huge hike in complaints was chiefly due to people working from home because of the pandemic.
While people are expected to eventually return to office-based environments, there is a growing consensus that working from home has taken hold as a way of work that will remain after the pandemic. In addition, consumers who previously may have shopped in person may now see greater benefits from purchasing online, with some still seeing face-to-face interaction as a shaky proposition.
According to OneSpan product security director Frederik Mennes, this mass migration online needs to be backed by stronger security measures than we were previously accustomed to.
He said, “Over the past year, populations around the world have been moving onto digital platforms for almost anything, such as ordering groceries and setting up banks accounts. As we become more digitally native and fraudsters look to exploit digital channels, there needs to be a greater focus on security. Passwords in many respects have become outdated, and we need to look beyond to more secure technologies such as biometrics to prove someone’s identity online.
“Consumers prefer fingerprint or facial recognition authentication methods because they’re more convenient and don’t involve memorizing a variety of different passwords. However, the onus is very much on organizations and banks to strengthen their defences as they can’t rely on consumers to have good password hygiene.
“There’s a continuing upward trend in biometric usage, new risk-based multifactor authentication with fingerprint, face, or iris recognition could be the solution that will finally free us from the burden of endless passwords. Implementing these authentication tools will enable society to be more secure in the age of mass online participation.”
The move away from passwords to biometrics is already becoming a mainstream trend, with companies such as Apple allowing their users to use Face ID instead of the password, which they may be more inclined to forget.
Furthermore, a recent study of 1,000 US employees by Keeper Security found 57% of those surveyed were writing work-related passwords on notes. Two thirds (66%) of respondents had lost these notes – representing a much graver risk to their own cybersecurity if they are unable to remember their password.
Need for insurance
While cyberattacks are by no means inevitable, there is a growing need for companies and consumers to ensure the safety of the majority of their assets in the case of an attack.
According to Jacob Palmer – CyberCube director of consulting – there is a strong need for regulators to encourage good practice in cyber insurance and ensure companies adopt robust cybersecurity practices to minimise attacks and monitor those who take risks to make sure they have a strong approach to cyber insurance.
He cited action by regulators to encourage good practice in cyber insurance has so far been focused mainly in London, where the Bank of England and Lloyd’s have issued a series of advisory notices backed up by mandatory stress tests. He also highlighted work done in New York, where the state called for insurance to fulfil its potential to drive better cyber risk management throughout the economy.
Ensuring companies and individuals can remain insured and protected in the face of a cyberattack has become especially pertinent following the rise in ransomware virus attacks around the world.
In a recent high-profile example, the Colonial Pipeline – a pipeline that transports 100 million gallons of fuel daily to customers from New York to Texas – had to bring its operations to a standstill after the DarkSide ransomware variant attacked some of its IT systems. A few days later, Darkside demanded a $4.4m ransom payment from Colonial, which was paid in full.
While the DarkSide team later revealed that it had shut down its operations on the back of US pressure and its servers being taken down, the threat of ransom payments to other companies, individuals and even governments remains a huge cause for concern.
A country that recently witnessed the potential effects of this were Belgium, after Belnet – the company that provides internet services for Belgium’s parliament, government departments, universities and scientific institutions – suffered a cyberattack. Even more recently, the country’s Interior Ministry uncovered a two-year long compromise of its network from a hacker.
Elsewhere, Ireland’s healthcare service was previously temporarily forced to shut down its computer systems as a precaution following a significant ransomware attack. Japan also experienced two recent cyberattacks that were directed at the Fujitsu company and Greater Tokyo-based Narita Airport.
Alongside a stronger focus on security and cyber insurance, there is the obvious need for governments, organisations and consumers to spend more on stronger cyber defences going forward to keep themselves better protected.
The 2020 Cyber Readiness Report – recently conducted across the US, the UK and mainland Europe – found many companies are investing more in cybersecurity, with firms in the UK and Europe doubling cybersecurity spend in 2020 by 39%. There had previously been a drop in cyberattacks in general from 61% to 39% from 2019 to 2020.
Copyright © 2021 RegTech Analyst
Copyright © 2018 RegTech Analyst