As we slowly ease out of the lockdown here in the UK, businesses once again have to adapt to changing environments. Some businesses will continue to operate with their staff in a dispersed manner, while others will be looking to open offices and bring their staff back to the workplace. The COVID-19 pandemic means that the workplace may look and operate significantly different compared to before the lockdown. While other workplaces (offices) are still in the deciding process.
In this article, I will provide 3 cyber security risk management predictions relating to information security at a holistic global view level, and 3 that are more assertive, which you really should consider.
Data breaches increase as the attack surface expands
My first prediction from a holistic global level is that the number of reported data breaches will increase quite dramatically. The vast majority of these data breaches will involve personally identifiable information, which falls under the DPA 2018 and GDPR legislation. This legislation is compelling organisations to report them to their local regulatory authority.
The expected increase is largely down to the change in circumstances that have transformed the attack surface available for the threat agents to work with. It has also increased or brought in more variations of existing attack methods.
COVID-19 phishing emails prey on emotions
While the migration of office staff to home premises introduces additional risks, which have to be managed, the prevailing risk to information security – email – has not changed. Emails will continue to be the biggest threat to information security for any organisation. The COVID-19 pandemic has just given the authors of phishing emails from a new angle to work from.
Until the start of the pandemic phishing attacks either exploited someone’s greed or gullibility. COVID-19 introduces a new angle as the virus kills people leading the Government to place restrictions on what people and organisations can and cannot do. Admittedly it is another variation on the gullibility, but most people want to be safe and obey the law. On receipt of an official-looking email about COVID -19, what will most users do?
Recent research shows that COVID-19 phishing emails have increased by 667% since the end of February 2020. While I’m a little dubious about the figures there is no doubt that the number of phishing attacks are increasing. The reason for this is mainly down to the ease of sending an email. Once the hard part (writing something plausible) has been done and you have an address list, it is as easy to send the phishing email to 50,000 addresses as it is to 5.
Targeted ransomware attacks on the rise
My third high-level holistic prediction is related to the phishing emails. I think we are going to see more intelligent and targeted ransomware attacks in the next 6 months. The hard part in a ransomware attack (for the attackers) is how to get the payload past the perimeter defences. Phishing emails have proven to be a good mechanism for this.
The three predictions are:
- A huge increase in reported data breaches
- An increase in Covid-19 related phishing emails
- An increase in targeted ransomware attacks
How do organisations plan and manage these risks?
Now that we know some of the increasing risks, we can plan to mitigate them. Check back over the next couple of weeks for part 2 of this series where I’ll address: Managing Cyber Security Risks in 2020.