While the health crisis we’ve been experiencing for over a year now has turned our daily lives and the way we work upside down, the digital revolution is accelerating and accentuating the risk weighing on businesses, which are being forced to rapidly implement remote working in order to maintain their activity.
Indeed, the increasing volume of data and the diversification of uses pose a risk that is all the greater as the means used by cybercriminals become ever more sophisticated.
In his INSIDER interview (Warren Buffett Says Cybersecurity Is the Number One Problem With Mankind at Berkshire Hathaway Meeting, businessinsider.com), billionaire and philanthropist Warren Buffett declares that “humanity’s No. 1 problem is cybersecurity”.
Finally, Tenable also states in its latest report (Research-Report-Threat_Landscape_2020_en.pdf, tenable.com) that the number of IT application vulnerabilities has increased by 6% in 1 year and by 183% since 2015.
However, while the number of attacks has indeed increased, the majority of them follow already known procedures. First, we’ll look at the main methods used by cybercriminals, before examining the impact of the health crisis on corporate IT security policies.
Cybercrime can take many forms:
Phishing: Phishing is a fraud technique in which the fraudster contacts a person, usually copying the logo of an institutional player, and requests the victim’s bank details, usually under the pretext of an unpaid bill or some other fee.
The use of phishing by cybercriminals rose 42% in 2020 (https://securityboulevard.com/2021/02/the-state-of-phishing-in-2021/), which is explained in particular by the health context and the emergence of increasingly sophisticated phishing tools. The low cost and high profitability of these tools make them the item of choice on the dark web, despite their limited lifespan.
Ransomware: This malware infects your computer system and takes your data hostage. The ransomware will encrypt and lock your files, and demand a ransom in exchange for a key to decrypt them.
This type of attack has particularly affected healthcare establishments since the beginning of the crisis, and is the cause of major leaks of medical data.
This expansion of attacks on hospitals is due in particular to their digitalization, which has created numerous vulnerabilities, but also to the significant lack of investment in IT security, which led the French President to promise 1 billion for cybersecurity (https://actu.fr/societe/attaque-des-hopitaux-emmanuel-macron-promet-1-milliard-d-euros-pour-la-cybersecurite_39590963.html).
President Fraud: President fraud, or social engineering fraud, is currently the most feared type of fraud, given the significant risks to banks and their customers. This is a form of fraud in which a person is manipulated into carrying out a fraudulent operation or divulging sensitive company information. In other words, it’s a human psychological manipulation technique used to invisibly or disingenuously acquire information from a targeted person with a view to obtaining a fraudulent transaction, such as a bank transfer, from another person.
This technique takes advantage of traditional means of communication such as telephone, e-mail and sometimes even direct contact, exploiting the trust, ignorance and even credulity of third parties. It’s one of the easiest frauds to pull off, and affects many companies today.
The procedure is quite simple:
– A person posing as a bank technician calls the payments manager and suggests that he check his banking tool following changes made by the bank.
– The fraudster guides the employee, or takes direct control of the employee’s computer, to carry out a so-called “test” transfer.
– The company’s employee uses his 3SKEY key to validate the “test” transfer to a foreign account whose details have been provided by the bogus technician.
– Once the transaction has been carried out, the “test” transfer is sent to that same account, which belongs to the fraudster: the employee has just fallen victim to fake technician fraud.
DDoS: A DDoS attack, or distributed denial of service, is a computer attack targeting a computer system by flooding it with incoming messages or connection requests in order to cause a denial of service.
The targeted computer system then experiences abnormally high traffic from a large number of sources. This causes a denial of service, making the service unavailable to its legitimate users.
According to Nexusguard, the use of this type of attack increased by 542% between the end of 2019 and the beginning of 2020.
Microsoft’s September report (https://blogs.microsoft.com/on-the-issues/2020/09/29/microsoft-digital-defense-report-cyber-threats/) indicates that the sophistication of the techniques employed by cybercriminals has accelerated in 2020, making it more difficult to identify them. Statistics also show that criminals’ preferences in terms of the techniques they use have changed since the beginning of the health crisis.
Today, conventional corporate policies are much harder to apply. As data volumes increase, DDoS attacks are on the rise, and the IT security measures put in place by companies for teleworking sometimes suffer from major flaws.
Among the vulnerabilities reported in 2020, some affect widely used remote-working applications: Microsoft Teams, Citrix and Cisco (WebEx) are vulnerable to cyber attacks.
Not all vulnerabilities are critical, but unpatched vulnerabilities can make the cybercriminal’s job easier, and can ultimately have serious financial consequences.
Remote working also represents a challenge in that COVID-19 has a significant short-term and long-term impact on employees. Indeed, while we’re still trying to adapt to telecommuting, it’s common to see the boundary between personal and professional life becoming blurred. This can create an additional vulnerability (human factor) that can be exploited by cybercriminals.
The stakes for businesses are therefore colossal, since the cost of cybercrime for companies cannot be measured solely in financial terms. We must also take into account the momentary interruption of our business and the psychological impact of these attacks on employees. It is therefore necessary to take measures to combat these cyber-attacks.
The situation is likely to worsen over the next few months: while 65% of CISOs believe that their company could be targeted in the next 12 months, 56% also consider that their company is not paying sufficient attention to cybersecurity.
Guillaume POUPARD, Director General of ANSSI, who very recently published his France Relance plan, maintains that “it is more urgent than ever to act concretely and collectively in terms of digital security” (https://www.ssi.gouv.fr/actualite/france-relance-et-cybersecurite-proteger-letat-et-les-collectivites-territoriales/).
France’s cybersecurity strategy is therefore based first and foremost on prevention in the workplace, where employees need to be made aware of cyber risks and trained in good IT security practices (strong passwords, system updates, careful travel, etc.; see https://www.ssi.gouv.fr/uploads/2017/01/guide_cpme_bonnes_pratiques.pdf), but also on a national level, with the ANSSI aiming to spread a genuine culture of cybersecurity within companies and stimulate French cyber research.
However, the repressive aspect is also evolving: since the entry into force of the European Union’s 6th Anti-Money Laundering Directive, cyber-criminals have also been included in the list of persons who may be subject to an asset freeze.
In conclusion, if the acceleration of digital transformation we’ve been experiencing since the start of the health crisis is generating new behaviors within companies, it’s important to be aware of the associated risks in order to prevent them. Today, it is essential that all companies, whatever their size, are aware of the cyber stakes, and comply with them.
[1] Warren Buffett Says Cybersecurity Is the Number One Problem With Mankind at Berkshire Hathaway Meeting (businessinsider.com)
[2] Tenable 2020: Research Report Threat Landscape