As the Covid-19 pandemic continues to disrupt government agencies and businesses on a global scale, the risk of cyber-crime is also on the rise. Ranging from sophisticated criminals to mistakes caused by human error, the pandemic is having a direct role in the security of business and government websites.
Now more than ever, there needs to be a focus on protecting important data from potential security issues that could result from the extraordinary shift online. With so many businesses relocating to home offices, there are increased cyber threats and security concerns. These massive changes in daily routines and online life have led to security vulnerabilities for private and public organisations, employees and processes.
Some of the ways that Covid-19 is creating new opportunities for cyber criminals include:
- An employee's home computer set-up might not have updated security software or the latest OS patches
- Employees using applications that they wouldn't download on a work PC and are therefore not secure
- Home devices and unsecure WiFi connections acting as potential entry points
- Increased use of ransomware and DDoS attacks at a time when remote access to computer networks and online services is more vital than ever
- Video messaging app Zoom is seeing a huge surge in use and popularity with so many people working from home, and cyber criminals are attempting to exploit that popularity to promote their phishing scams
Europol - an organisation that supports member states in the fight against all kinds of crime - recently released a report that examines how cyber criminals have reacted and evolved since the beginning of the Covid-19 pandemic and how they're seeking to exploit vulnerabilities that have emerged.
"The types of criminals exploiting the COVID-19 pandemic online were also active in the area of cybercrime before. However, some are believed to have intensified their activities and are actively recruiting collaborators to maximise the impact of their attacks or schemes," says the report. "The pandemic may multiply the damaging impact of a successful attack against certain institutions, which reinforces the necessity for effective cyber resilience."
This kind of cyber-crime involves some very bright people thinking up ways to use Covid-19 to compromise sensitive data, meaning that businesses and government agencies need to have a comprehensive cyber security strategy in place to combat it. But more often than they should be, data breaches are the result of human error - mistakes that are made by not having processes in place to mitigate against them.
Data breaches expose innocent citizens to risk, undermine public confidence in government and in digital transformation, as well as cause reputational damage to the organisations involved. How can crown agencies protect themselves?
It’s with that question in mind that we’ve developed a new white paper, Reducing the risk of government website data breaches. It outlines how simple scenario testing can reduce vulnerability and guard against the kinds of mistakes that cause data breaches.
The white paper covers four key areas:
- Taking cyber security seriously
Why the NZ Government has a comprehensive digital strategy in place, and the importance of people and businesses being connected online. - Tripping over your digital feet
A look at some of the recent government data breaches and how they could have been avoided - The best means of protection
The protection of business and government websites and data is down to proper planning and the implementation of systems specifically designed to combat cyber-crime. - The Syl solution
The Syl Validator that can crawl through government websites, seeking out any data that shouldn’t be in the public domain.
From tackling sophisticated cyber criminals to preventing data breaches caused by human error, government agencies need to be proactive. In fact, the fallout from these potential coronavirus breaches and attacks may not be clear for weeks or longer, experts say. The confusion caused by the pandemic, has likely resulted in long term security risks that will require resource and innovative solutions.
With online criminal activity continuing to evolve and people inevitably making mistakes, it’s crucial that the damage is mitigated at either end of the spectrum. That’s down to having a robust cyber security strategy that should be implemented in collaboration with partners who possess the necessary expertise and technology to reduce the risks posed by cyber-crime as much as possible.
