CISOs fight back against a new era of cyber criminals

For most companies across Europe, the COVID-19 pandemic caused widespread disruption to operations, customers and employees. But it also spurred another trend that may prove to have a more positive long-term impact: the acceleration of digital transformation strategies.

According to recent research commissioned by Telstra, almost 40 per cent of large companies in key European markets such as the UK and Germany accelerated their digital transformation and innovation projects as a result of the pandemic. It found that, on average, firms had invested $2.28 million in digital transformation projects since the start of 2020, an uplift in investment of 2.7 per cent compared to what had originally been budgeted.

However, nearly two-thirds (65 per cent) of those surveyed reported that the number of cyberattacks experienced by their organisation also increased as a result of the pandemic.

We discussed in our earlier article how the pandemic resulted in higher incidences of supply chain attacks, which was the most commonly cited attack vector. But the problems don’t stop there. Respondents reported a host of other attack vectors on the rise, including phishing (44 per cent saw an increase), fake contact tracing apps and calls (43 per cent), and ransomware (43 per cent) – all attacks that could inflict major damage on an organisation’s security and reputation.

“Perfect cover” for cyber criminals

CrowdStrike, a leader in cloud-delivered endpoint protection and cloud workload protection, and a former Telstra Ventures portfolio company prior to is successful IPO, identified this trend in its 2021 Global Threat Report. It concluded that the pandemic had provided “valuable subject matter” for cyber criminals, which used COVID-19 themes in their phishing attacks. The healthcare sector has a particular target as a result.

“For most of us in the business of stopping breaches and protecting organisations from cyberattacks, [2020] was perhaps the most active year in memory,” said Crowdstrike CEO George Kurtz in a recent blog post.

“Millions of workers retreated to hastily equipped home offices, creating a feeding frenzy for cyber predators spurred on by the windfall of easy access to sensitive data and networks. At the same time, fear, concern and curiosity surrounding COVID-19 provided the perfect cover for a record-setting increase in social engineering attacks from both eCrime actors and targeted intrusion adversaries.”

Threat actors “quick to pounce”

Another Telstra Ventures portfolio company in the cybersecurity space, US-based phishing and detection specialists Cofense, identified six main COVID-related phishing themes in a recent report:

• Pandemic updates and guidance purporting to be from global, federal, or local health organisations
• COVID-19 office infection data/contact tracing
• Updates on remote working changes—company news and meeting invites
• Federal financial relief packages for small or medium business loans
• Teleconferencing platform invites or required updates related to platforms like Zoom, Teams, WebEx
• Financial claims related to COVID-19

“COVID-19 was certainly the source of the most disruption in 2020,” says Tonia Dudley, Strategic Advisor at Cofense. “Pandemic-themed campaigns picked up steam in February and March, peaking in April as much of the world adjusted to the concept of a ‘new normal.’ Following April, as the first shudders of the economic impact were felt and millions of people shifted to remote work, threat actors were quick to pounce.

“We also noticed while during the initial stages of the pandemic were targeted messages, they went back to using their standard “themes or templates” to include these key words,” adds Dudley.

What do these attacks look like in practice? Anomali is another Telstra Ventures portfolio company that issued cybersecurity threat bulletins during the pandemic.

One early phishing campaign it detected in February 2020 centred around purported advice from the US Center for Disease Control (CDC). It claimed that the CDC had “established a management system to coordinate a domestic and international public health response” and directed recipients to a malicious link or alternatively urged them to make bitcoin donations.

“Anomali projects with high confidence that cybercrime and state-sponsored actors will continue to leverage COVID-19 themed email-based attacks to entice recipients to download malicious attachments and to click on nefarious links,” says Hugh Njemanze, President, Anomali. “As long as adversaries are able to use pandemic themed attacks to achieve their financial goals and other objectives, we will continue to see these techniques in use.”

Balancing agility and security

As we concluded in our recent report, the pandemic has spurred digital transformation efforts and adoption of new technologies across Europe – and many companies are becoming more ‘agile’ as a result.

And yet, as we have seen, cybercriminals have seized upon this period of uncertainty. A strong cybersecurity strategy is therefore key to organisations emerging into the post-pandemic world with confidence.

Encouragingly, our ClubCISO Information Security Maturity Report highlights significant improvements to global business security functions and improvements to security culture. For example, 68 per cent of CISOs surveyed in the report believe their organisations are making progress or feeling they exemplify best practice in security culture – a considerable increase from only 39 per cent in 2020.

This year’s report has clearly demonstrated how CISOs from across the globe have come together as a community to address key issues in the face of unprecedented adversity. Years of innovation and hard work have paid off, as security defences have stayed resilient during what has been unprecedented times for us all.