How hackers are exploiting COVID-19

Speaking on The Australian’s Forward Slash Podcast, Nick Savvides, senior director of strategic business at cybersecurity firm Forcepoint, says that global news events such as COVID are perfect fodder for manipulation.

“Cybercriminals are actively trying to capitalise on the confusion that reigns in this situation,” Savvides says.

“People were getting the $750 bonus, JobKeeper and JobSeeker subsidies. Humans are reading (about it) on Facebook and Twitter, and hear snippets on the radio. It provides a great opportunity for a cyber criminal to say, ‘hey, you’re eligible for that one-off bonus the government is paying. Click here to get it’. And there’s just enough seed in someone’s mind to click on that link, fill out that form, hand over my details and then discover that I’ve been cleared out.”

Recognition from the federal government that significant investment must be made into cyber defence couldn’t have been more timely, with a recent survey showing that many firms are still not adequately prepared for cyber attacks.

A global study by the Ponemon Institute, sponsored by IBM, found that while organisations surveyed have slowly improved in their ability to plan for, detect and respond to cyberattacks during the past five years, their ability to contain an attack has declined by 13 per cent during this same period. The fifth annual Cyber Resilient Organization Report, which surveyed 3400 IT professionals from corporations across the US, India, Germany, United Kingdom, Brazil, Japan, Australia, France, Canada, ASEAN, and the Middle East, discovered that three-quarters of organisations are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all.

Australia fared better than many of the countries on the list, with 46 per cent of firms saying they had improved their cyber resilience since the previous survey but, worryingly, less than a quarter of respondents said they had a Cybersecurity Incident Response Plan (CSIRP) that was applied consistently across the business.

40 per cent of respondents said they only had an informal or ad hoc CSIRP or none at all.

Formulating a consistent cybersecurity response plan will be critical as the rate and severity of attacks was already increasing before COVID became a factor. According to the Ponemon survey, 71 per cent of Australian respondents reported they had seen an increase in the volume of attacks, with 64 per cent saying that attacks had become more severe. The biggest fear of respondents was leakage of high value information (61 per cent) and data centre downtime (44 per cent).

With such critical business functions at risk, and the near impossibility of ensuring good cyber hygiene across so many remote workers, firms are turning to technological solutions. IBM  advocates for predictive threat intelligence to get ahead of the problem.

“We really do need to get to a point where we get ahead of the threat and take the decision out of the hands of the end user and try to protect them beyond their compute environment,” Hockings says.

“IBM has been doing a lot of work in understanding what the global threat looks like in terms of current attacks. Who’s being affected? What industry? And then helping our clients remove those vulnerabilities and threats before they become a problem inside of their computers.”

It is a program that has worked particularly well in the financial industry, where phishing attacks aimed at scamming users out of their banking details were being targeted at multiple banks in multiple geographies.

“Let’s say we’ve got 100 banks, subscribed to a particular service and the attacker decides to go after one bank first,” Hockings says.

“We are able to detect that particular problem happening at that first bank and then remediate that issue and pass it on to the other 99. So it’s about getting ahead of the threat and protecting the ecosystem at a global scale before the attacker gets the opportunity to infiltrate those other 99 banks.”

Filtering out those threats in advance is a strategic pillar of the government’s recent announcement to create 500 news jobs on the cybersecurity front lines. According to Tom Uren, a senior analyst at Australian Strategic Policy Institute’s Cyber Policy Centre, it’s a recognition by the government of the need to protect the country’s economic prosperity.

“If you have a commercial advantage that degrades over time, suddenly your company is not viable anymore because of overseas competition. It cuts away at the prosperity of Australia by changing the balance of commercial agreements for trade. And it’s insidious in the sense that one event, one loss of data just chips away gradually. So that over time, we’re in a much worse place than we would have been otherwise.”

“The people who assign resources in larger companies and across the economy need to really understand that cybersecurity is a thing they need to invest money in, and that it actually underpins our prosperity in the longer term,” Uren says.