The quick transition to working from home due to the coronavirus pandemic comes with high risks, without suitable security measures. This is because an “analog” virus could prepare the environment for its digital relatives.
Digitalization is the trump card. That’s the message found everywhere in politics these days. Unfortunately, people are not always fully aware that it is a double-edged sword. This was only recently revealed by the “all-round carefree website” for COVID-19 test centers. For each account owner, 136,000 test results from more than 80,000 affected persons were public for days. This didn’t need any criminal effort.
But if cybercriminals are involved, the damage reaches entirely different dimensions. It ranges from financial losses, loss of intellectual property, damage to reputation or loss of customers to the manipulation of production facilities or safety-critical facilities. The likelihood of attacks increases with the opportunities that expanding digitization offers in authorities, companies and private households. And there is no end to the immense increase in people working from home during the pandemic.
At the start of the year, the Federal Criminal Police Office warned of a significant rise in criminal cyber activities in the form of DDoS attacks (Distributed Denial of Service). They are particularly directed at companies and digital platforms for home office and home schooling. There, the overloading of websites, servers and networks often leads to the services being inaccessible.
The DDoS Report 2020 from Link11 proves this trend. From February to September, the number of attacks almost doubled compared to the same period in the previous year. It is estimated that there were 50 million DDoS attacks worldwide in the past year. In addition to VPNs (virtual private networks) and APIs (application programming interfaces), the attackers also focused on CRMs (customer relationship management systems), databases, and e-mail and web servers. Cybercriminals also increasingly tried to cash in on DDoS extortion in the second half of the year. With a large volume of warning attacks of over 50 gigabytes/s, companies would be forced to pay 5 to 15 bitcoins.
Unfortunately, this threat does not set the alarm bells ringing for everyone. According to a recent AT&T survey, 54 percent of employees stated that they also use company devices privately – sometimes even together with family members. This ranges from reading private messages to connecting with smart devices in the household. 55 percent of those surveyed had been targeted by a cyberattack while working remotely in the past year, and nearly a third said their company is not doing enough to protect them from such threats.
Cybercriminals start their attacks at the most vulnerable point – the remote employee. According to the IDC study on Cyber Security 2020, 38 percent of those surveyed have increased their budgets for securing working from home and remotely. This includes expenses for better protection of end devices and for data protection. However, urgent investments are still needed in backup and recovery, secure cloud computing, as well as stronger identity and access management, and must be addressed as soon as possible from IDC’s point of view.
The current study – like the one before it – clearly shows that many organizations still lack sufficient protection. Although basic protection and standard security solutions are available in all organizations, this alone is less and less sufficient to counter the number and intensity of attacks. The key to success lies in the integration, automation and continuous optimization of security processes across all IT and business domains. In addition, Link11 says companies should include the threat of DDoS extortion in their risk assessments because hardly any other type of cyberattack can bring digital business processes to a standstill as quickly or for as long.
Link11 DDoS report 2020 (March 2021)
IDC: Cyber Security 2020 (October 2020)