The COVID-19 worldwide pandemic has changed almost every aspect of our everyday lives, most notably the way we work. An early estimate by Eurofound (the European Foundation for the Improvement of Living and Working Conditions) suggests that as a direct result of the pandemic, as much as 40% of people currently working in the EU started to work remotely full-time.
No wonder that the demand for heightened security in companies as well as in the government sector has risen dramatically. The issue of cyberattacks suddenly became even more pressing as attackers started to focus on large corporations and government institutions more intensely than ever before. The initial reports from respected sources confirm that this threat is a legitimate cause for serious concern.
The latest data about cybercrime
The rapid escalation of cyberattacks started in the first months of 2020, after the World Health Organization named COVID-19 a global health emergency in February. The following months showed a massive 800% increase in reported cyber crimes, according to the FBI.
The European Union Agency for Cybersecurity (ENISA) identified malware, web-based attacks and phishing as the top 3 threats of cybersecurity in its annual Threat Landscape Report that reviewed the situation for the period between January 2019 and April 2020. Let’s take a look at some of the alarming findings presented in the report.
Malware
Malware is a cyberattack performed through malicious software (viruses, spyware, ransomware etc.) and is commonly used for espionage, service disruption, or for stealing sensitive information. The initial attack usually comes through web and e-mail protocols, but can often spread further inside a network by exploiting system vulnerabilities.
The ENISA Threat Landscape 2020 – Malware report highlights the following findings over the examined period:
- 13% increase in Windows malware detections at business endpoints globally
- 46,5% of all malware in e-mail messages found in ‘.docx’ file type
- 67% of malware was delivered via encrypted HTTPS connections
- 71% of organizations experienced malware activity that spread from one employee to another¹
Web-based attacks
The victims of web-based attacks are lured to visit malicious URLs or to download infected content, but, as observed by different research teams, exploiting internet browsers, or compromising content management systems also became a very popular way to access valuable user and company data. Apart from the mentioned methods, targeting web-based collaboration and messaging platforms notably increased as well, as they are being used in multi-stage infection schemes.²
Phishing
Usually set in motion with e-mail messages, phishing attacks attempt to steal login credentials, credit card information, or money by persuading the user to visit fraudulent websites, or to open a malicious attachment. Most affected services are webmail and software-as-a-service products, Microsoft 365 being the top target. Once the attackers acquire the required credentials, they are able to collect even more organisational data while remaining undetected for weeks, or even months.
Here you can see some of the highlights from the ENISA Threat Landscape 2020 – Phishing report:
- 26.2 billion of losses in 2019 with Business E-mail Compromise (BEC) attacks
- 42,8% of all malicious attachments were Microsoft Office documents
- 667% increase in phishing scams in only 1 month during the COVID-19 pandemic³
Which sectors are being targeted by hackers and organized crime groups the most?
The most targeted sectors are digital services, government administration and the technology industry. Attacks aimed at the financial and healthcare sector have also increased substantially over the past year.
How to protect your company assets?
As you can see, the proper protection of your company’s IT environment is now, more than ever, of grave importance. So, what can you do to keep your data and finances safe?
Apart from following the general golden rules such as using strong passwords, setting up multifactor identification and keeping your software up to date, you should invest in advanced security software solutions – most importantly antiviruses and VPN products. As much as antivirus software for individuals has developed over the last years, its protection is not sufficient enough for company purposes as businesses face much more elaborate, organized and serious threats. Since the infrastructures of companies and governmental institutions differ a lot, it is important to obtain security products tailored specifically for each of their needs.
Antivirus and VPN solutions for businesses and organizations
Since the infrastructures of companies and governmental institutions differ a lot, it is important to obtain security products tailored specifically for each of their needs. We can offer a big variety of security software solutions from the most highly regarded manufacturers in the cyber security industry (Avast, AVG, Bitdefender, ESET, NordVPN, or Kaspersky).
Looking for a VPN solution tailored to your needs? Contact us!
¹ ENISA Threat Landscape 2020 – Malware, October 20, 2020
² Based on the ENISA Threat Landscape 2020 – Web-based attacks report, October 20, 2020
³ ENISA Threat Landscape 2020 – Phishing, October 20, 2020