2020 has been a challenging year for many businesses that had not developed their digital-communication portals. Many paper-run companies were forced to shut their operations during the COVID 19 pandemic lockdowns. Companies that had developed their websites and portals continued at almost 100% capacity, but this also meant that the companies were facing higher cybersecurity risks due to multiple reasons discussed in this report. Cybersecurity threats have reported a sharp rise during 2020 as a direct result of people using their device and developing relaxed attitudes towards work and security while working from home(Ahmad, 2020).This report will also explore essential concepts that have directly encouraged cybersecurity threats during the COVID 19 pandemic and how each company staff member can secure company resources and valuable data from loss.
Cybercriminalobjectives and goals
It is essential first to understand why cybersecurity and data theft incidents happen based on which mitigation strategies can be put b place. In the B&C Insurance scenario, data theft has occurred with the sole intention of demanding ransom from the company in exchange for the data. Still, there are other reasons data theft and cybersecurity breaches occur, including corporate espionage and many instances of cybersecurity system breaches as a hobby(An & Kim, 2018). Each of these cybersecurity breaches delivers the same result. Still, for ransom and as a hobby, the cybercriminals will usually inform business regarding the data breach. They will usually demand money in exchange for ransom or tell the business relating to a venerability identified on the digital systems. Today, many companies offer handsome rewards to cyber experts who identify and report system vulnerabilities. Therefore helping businesses protect their valuable data.
On the other hand, when cybersecurity breaches are performed for corporate espionage, cybercriminals do not reveal the data breach and venerability. They continue spying and extracting critical information and data.
Sudden rise in cybersecurity breaches
2020 marked a Pandemic year that altered how people work, whereby billions of people worked from home and continue to do so to date. The Pandemic and consecutive lockdowns happened suddenly. This resulted in many people and businesses not being prepared and needing to accept unchecked work from home policies. IT security teams also had no time to put security protocol in place to protect their systems. Suddenly businesses were dependant on employee personal gadgets to access their systems and continue working, which resulted in considerable vulnerabilities to the business systems(Govender, Watson, & Amra, 2021).A unique device is not meant to access business systems, and many have unverified applications and software which may hold spyware and other cybersecurity threats. The sudden use of the personal device to access business systems and data resulted in malware gaining access to secure systems resulting in sudden increasing cybersecurity breaches during and after the COVID 19 Pandemic.
Types of data type Cyber Criminals Target
Cybercriminals tend to target data and information which holds value to a company. This information may be in the form of company secretes, financial statements, client information, operations and performance statistics and many other forms of data(Marge, 2018). With digitalisation, more data is being generated by businesses, and the data can be analysed to determine essential trends which a company may use to enhance its operations and profits.Sensitive business data is a highly targeted form is data that cybercriminals target, making it essential to secure the data sources to prevent loss of sensitive information(Grispos, 2019).
Every person and private business will want to protect their financial data and information resulting in many people being prepared to pay cybercriminals to stop them publicising personal information. Personal financial statements and data are mainly targeted by ransom cybercriminals who use the information as leverage to extort ransoms money from their victims.
Cybercriminals also target personal contact and client information. This information takes the shape of client bank and payment details as well as customer information. Both are highly valued forms of data that many business competitors are prepared to purchase.
Customer banking and financial information
This takes the form of customer credit card, internet banking and UPI data. Cybercriminals can use this information and perform illegal transactions without the account holder’s permission, not them being aware. This form of cybersecurity is mainly aimed at businesses with large customer banking information databases as the information can be used to make unauthorised payments.
Customer contact and other details
Customer contact information and other details are considered to be extremelyvaluable and highly demanded corporate espionage. Today many companies are willing to purchase competitor information to analyse and develop strategies to win and dominate a market.Withaccess to a competitor’s customer information, businesses can develop sales strategies to approach consumers and enhance their sales and performance using their data and information. While this is a criminal offence and unethical,it’s essential to understand that many businesses are prepared to purchase such data. It helps reduce data collection for marketing which significantly increases sales turnover rates.
Performance statistics and plans
Next of cybersecurity breaches aimed at collecting competitors secretes such as the companies statistics and plans. This is vital information among competitors, which is usually a corporate secrete which is closely guarded. This makes it valuable information competitors seek to inform the businesses regarding competitor plans and product lines. Having this information allows companies to maintain a competitive edge in the market, therefore, making business performance statistics and plan avaluable form of data cybercriminals are constantly searching to breach(Saini, Rao, & Panda, 2012).
System security breach and vulnerabilities
System security threats are commonly misunderstood to be malware which attacks and corrupt a system. This misconception about system security leads many people to overlook the dangers since they expect a significant breakdown and not a standard operating procedure. While ransomware may corrupt a system, most system security threats tend to infiltrate the system and remain undetected for extended periods. Many people never even realise they are harbouring malicious software for months and even years. Some malware examples that do not corrupt a system yet continue relaying data can be found on many unverified games and entertainment software(Williams, McGraw, & Migues, 2018). Most people are unwilling to pay subscriptions for entertainment, so many opt to install unverified and unsecure applications that offer pirated versions of software and applications. These may work on a system and provide free entertainment, but they also come with a severe system threat. The software developers use most peoples instinct to accept terms and conditions before reading them, resulting in them grinding permission to the software to access and export data. Once received, the application is capable of exporting all your data without needing any further approvals.
How each staff member can protect company data and assets
With the advances in technology, there is a sharp rise in demand, leading to an increase in cyber security attacks. During the COVID 19 pandemic, there has been a sudden spike in data theft, and this is only among people who have noticed the threats and attacks. Most people still do not understand the danger nor know to detect the threat. This makes it essential to share some tips that will help reduce the risk exposure and help businesses and staffs protect their data and information(Aldawood & Skinner, 2019).
Avoid using unapproved software and applications.
People who consider they are downloading parented software and access entertainment for free are wrong since most of the applications come within buildsystem security threats that are likely to leak personal information and data. These are mainly background running applications that continue extracting and exporting information and data while in operations or when turn off. It is therefore advised to avoid such applications to reduce the risk of system security breaches.
Maintain a dedicated set of entertainment equipment
Suppose pirated applications and software are irresistible and cannotbe avoided. In that case, it is advisable to maintain two sets of equipment, one for professional and sensitive purpose while the other needs to be for entertainment purpose. Keeping separate systems helps reduce the risk of exposure to professional techniques and data. It’s also essential to maintain the different networks to prevent cross-contamination and avoid using thumb drives and other removals storage device between the systems to prevent cross contaminations.
Each businesses stakeholder needs to understand they contribute towards their company’s development and security. This also involves maintaining a secure environment to run business systems. During the COVID 19 pandemic, many businesses were forced to reply on staff personal equipment due to the short notice lockdowns. But it is also the staff’s responsibility to maintain secure equipment to reduce the risk of data loss. In situations where a system is shared or exposed to security risks, the staff member needs to inform the business heads to reduce exposure risk. Cybersecurity threats are expected to continue rising, making each stakeholder essential to contribute towards businesses data security.
Ahmad, T. (2020). Corona virus (covid-19) pandemic and work from home: Challenges of cybercrimes and cybersecurity.
Aldawood, H., & Skinner, G. (2019). Contemporary Cyber Security Social Engineering Solutions, Measures, Policies, Tools and Applications: A Critical Appraisal. International Journal of Security (IJS), 10(1), 15.
An, J., & Kim, H. (2018). A data analytics approach to the cybercrime underground economy. Ieee Access, 6, 26636-26652.
Govender, I., Watson, B., & Amra, J. (2021). Global virus lockdown and cybercrime rate trends: a routine activity approach. In Journal of Physics: Conference Series. IOP Publishing, 1828(1), 012107.
Grispos, G. (2019). Criminals: Cybercriminals. Encyclopedia of Security and Emergency Management, 1-7.
Marge, R. (2018). THE IMPACT OF ECONOMIC COMPANY DATA THEFT. Fiability & Durability/Fiabilitate si Durabilitate, 1.
Saini, H., Rao, Y., & Panda, T. (2012). Cyber-crimes and their impacts: A review. International Journal of Engineering Research and Applications, 2(2), 202-209.
Williams, L., McGraw, G., & Migues, S. (2018). Engineering security vulnerability prevention, detection, and response. IEEE Software, 35(5), 76-80.