- Corona crisis boosting the “business” of cyber criminals
- Home office employees more vulnerable to phishing attacks
- Hospitals and other healthcare facilities particularly at risk
While much of the economy is being hit hard by the coronavirus crisis, cyber criminals are on a roll. From January to March 2020, more than 16,000 domains were registered with a connection to the coronavirus. These domains are up to 50 percent more likely to be fraudulent than others, as studies show*. “Hackers see the pandemic as a unique opportunity to expand their business,” says Markus Schaffrin, security expert and Head of Member Services at eco – Association of the Internet Industry. The domains are often used to launch phishing attacks. By employees clicking on an infected link or attachment in an email, the hackers gain access to the company systems. “Preparing for cyber attacks and maintaining cyber hygiene in the home office is currently just as important as regular hand washing,” says Schaffrin.
Phishing click rates up to three times higher
All companies are at risk, as are health care facilities and hospitals. Cyber criminals are unscrupulous and seek out vulnerabilities wherever the current situation means that stress levels are particularly high. The crisis plays into the hands of the attackers. They exploit all available tools of psychology to suppress the critical thinking of users. They exploit curiosity, fear, and helpfulness, and in so doing get users to click on links or attachments in phishing emails. “Users are currently finding it harder than usual to verify messages,” says Dr. Niklas Hellemann, Managing Director of SoSafe GmbH and member of the Security Competence Group at eco – Association of the Internet Industry.
One way or another, people are already particularly susceptible to phishing in the home office. “The click rate there is up to three times higher, as our figures from simulated phishing attacks show,” says Hellemann. The ‘grapevine’ usually sensitizes employees. When they’re in the office, people immediately exchange information about ongoing attacks or ask a colleague if they can’t classify an email. “We are also seeing an enormous increase in spear phishing, i.e. targeted attacks on a single person. At the moment, spending time and resources on sensitizing employees on the topic is particularly worthwhile,” continues Hellemann.
Sensitizing employees in the long term
The best defense is to adapt one’s own processes and structures so that attacks lead nowhere. A team approach within an organization which is sympathetic and not too hierarchical helps, as of course does awareness-raising. For employees, there is always a detectable sign of a possible attack. After training on the subject, for example, employees pay close attention to this and click rates on phishing emails drop by up to 50 percent. Sensitizing employees in the long term is more difficult. There are various approaches to this, from random learning via ongoing phishing simulations, to gamification approaches. This turns employees into a human firewall that can withstand the attacks of cyber criminals, even in stressful situations and at times of crisis.
*Source: Checkpoint Research