Reading Time: ~ 4 min.
Prior to the outbreak of the novel coronavirus, Webroot’s
annual Threat Report highlighted a 640% increase
in active phishing sites on the web. However difficult it may be to believe
(or easy, depending on your outlook), things have gotten even worse since.
From fake anti-malware sites named for the virus (Really. See below.), to phony tracker apps that actually stalk users, to Netflix and Disney+ phishing scams that steal login data by taking advantage of a coronavirus-induced “streaming boom,” cybercriminals are getting crafty with COVID-19.
Threat analysts at Webroot have been tracking the rise in registered domain names with names including “covid,” corona,” and “coronavirus” since the outbreak began, noting that 2 percent of the more than 20 thousand newly registered domains containing those terms are malicious in nature. Files marked malicious that included the word “Zoom” grew more than 2,000 percent.
All these threats have arisen concurrently with an economic
downturn that’s brought about fear, uncertainty, and the need to cut costs.
Depending on the
shape the recovery takes, we could be living with these unfortunate realities
for some time. That means cybersecurity spending will inevitably be considered
for the chopping block within many organizations. This is a bad idea for the
reasons listed above and a great many more.
What’s needed, instead, is a greater investment in
cybersecurity. As the World Economic Forum stated in an article entitled “Why
cybersecurity matters more than ever during the coronavirus pandemic,”
cybercrime flourishes during times of fear and uncertainty. We’re also spending
more time online and relying on digital productivity tools as much as ever.
“Pressure will mount on business leaders to take action
to cut costs and security spend may be highlighted for reduction,” say’s
Webroot Sr. Director of Product Nick Emanuel. “However, the economics here
are clear—cybercriminals are not cutting their budgets and are waiting to
exploit weaknesses.”
And if organizations decide to preserve their remote
workforces in order to promote employee safety and cut facility costs, as many tech
companies are
already doing, the cybersecurity landscape could be altered permanently.
“With the unprecedented shift from office to work from
anywhere, it’s crucial that businesses review their remote working policies for
data protection, as well as security, and be prepared for the variety of
different work environments,” said Emanuel.
Cybersecurity in a Strange New World
So, what can you do to enhance cybersecurity for your
business or clients? Rather than dropping products or sacrificing protection, develop
a laser focus on these four principles:
- Automation—Companies must consider how AI
and machine learning can assist with cybersecurity tasks. Adoption of these
technologies is already
high, but understanding remains low. When used effectively, they can reduce
the need for high-paying, talent-scarce positions, freeing up the talent you do
have to think strategically about larger business issues. Automated backup for
businesses also reduces workload and guards against data loss, which can be
costly in terms of loss productivity and potential fines.
- Education—Phishing is still the largest
single source of data breaches, according to the
latest Verizon Data Breach Investigation Report. Again, this is a quick way
for malicious actors to install ransomware or to gain access to sensitive
information, leading to downtime and fines. Luckily, users can be taught with
some reliability to spot phishing attacks. Webroot’s research has found that,
with ongoing training with a phishing simulator, click rates for phishing
attacks can be reduced by more than 85%.
- Insurance—Data breaches are existential
threats for many small and mid-sized businesses (SMBs). According
to IBM, data breaches for organization between 500 and 1,000 cost an average
of $2.65 million. Normally, organizations would hedge against such astronomical
threats. Cybersecurity shouldn’t be any different. The U.S. Cybersecurity &
Infrastructure Security Agency (CISA) recommends cybersecurity
insurance both as a means of promoting additional protection in exchange
for more coverage and encouraging best practices for better premium rates.
- Investment—Finally, businesses should
invest wisely in their cyber resilience. This can be thought of as a holistic
approach to cyber wellness that allows an organization to remain on its feet,
even in the face of serious threats. Data security and data protection are
essential components of cyber resilience. Data security entails endpoint security,
sure, but also DNS filtering and security training for protection at the
network and user levels. Data protection entails automated, encrypted backup
and recovery for endpoints and servers to defend against ransomware, hardware
failure, and device loss or theft. Together, these elements of cyber resilience
reduce the likelihood of any one cyber setback being catastrophic for your
business or clients.
MSPs and SMBs, rather than cutting costs by sacrificing
their cybersecurity, should look to enhance it. While some of these steps may
seem aimed at companies in a growth phase, they can actually improve the bottom
line over the long run. After all, the costs of preparation pale in comparison
to the cost of a breach.
The post There Are Savings to be Had in Cybersecurity. Just Not Where You Might Think. appeared first on Webroot Blog.