Experts Reacted On Mass Exploitation Of The Pandemic By Cybercriminals – NCSC Annual Report

By   ISBuzz Team
Writer , Information Security Buzz | Nov 05, 2020 01:49 am PST

Following the NCSC’s Annual Report on the rise of cyber-attacks – and particularly those exploiting fears around COVID-19 – during the pandemic, it is clear that security teams are vastly outnumbered.

To cope with the volume of threats, the sophistication of attacks, and the fact that many teams are away from the infrastructure the office provides, advanced technology will be the key to fighting these threats going forward, and filling the skills gap.

Notify of
3 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Chris Waynforth
Chris Waynforth , Area Vice President, Northern Europe
November 5, 2020 10:31 am

The growing number of ransomware incidents is a concern, but more worrying is their severity. The strength of DDoS attacks each month has already eclipsed the levels of November 2019, the previous record. We’ve recorded our largest-ever attacks in terms of both packets per second and bandwidth, and the level of overall DDoS risk has increased every single month.

We’d expect this pattern to continue over the rest of the year and 2021, as criminal groups see increasing opportunities and rewards. Organisations need to be aware of the risks, and ensure they have a strategy in place to mitigate them.

Last edited 3 years ago by Chris Waynforth
Ben Freeney
Ben Freeney , Advanced Threat Centre Manager
November 5, 2020 10:24 am

Covid-19 has quickly become a popular ‘lure’ for cyber attackers, with more people seeking out information about the pandemic and therefore the likelihood to trust and click on false links increasing.

Working from home has become a staple and organisations must ensure that employees know the role they play when it comes to preventing a cyber-attack. Take phishing, for example. When an employee receives a phishing email, there will be clues that the sender is not who they pretend to be. The use of special characters, spelling and grammar mistakes and the email address of the attacker are just some red flags that employees should look out for.

Organisations need to ensure that their staff are fully aware of the importance of maintaining good cyber security practices in their day-to-day tasks. However, phishing emails are now so sophisticated, you can’t rely on employee awareness alone to protect the organisation from attacks; they cannot be blamed for falling victim to professional social engineers. Organisations have a responsibility to deploy defence in depth to provide multiple ways to prevent phishing emails from being successful. Processes such as filtering emails, employee awareness, threat intelligence, blocking malicious domains and multi-factor authentication should all be in place to protect staff from potential cyber-attacks.

Last edited 3 years ago by Ben Freeney
Adam Enterkin
Adam Enterkin , SVP, EMEA
November 5, 2020 9:55 am

The exploitation of COVID by cybercriminals is not a surprise. An increase in phishing and fraud during the pandemic is not out of the ordinary for today\’s significant global events. And ultimately, society\’s inability to protect vulnerable citizens and data from cyber crime in this crisis was all but inevitable, but it is preventable.

Already overwhelmed by the volume of threats, even the best cybersecurity teams have been in over their heads working from home whilst battling COVID-related threats, a rise in ransomware, and the infiltration of hack-for-hire groups in global politics. They are vastly outnumbered: according to the Global Information Security Workforce, the UK is set to have 100,000 empty cybersecurity jobs by 2022. Reinforcements must be called in – if not as new recruits, then in the form of technology.

AI technology can help manage the volume of potential threats, spotting anomalies in data and dealing with menial and repetitive tasks whilst flagging potentially serious situations to cyber security team. With COVID phishing emails, for instance, the AI spots the presence of malware and the attack is thwarted before the link can be mistakenly clicked – triggering long-lasting repercussions for the entire organisation.

Security teams are exhausted. Human error will happen. But with AI automating repetitive tasks, this risk is vastly reduced. Humans and tech must work hand in hand, so the professionals are equipped with the right knowledge and skillsets to keep our enterprises, and our country, safe.

Last edited 3 years ago by Adam Enterkin

Recent Posts

Would love your thoughts, please comment.x