Cybercrime – The Mutation Crisis Of COVID-19
The unfolding crisis of the COVID-19 pandemic has fueled an increase in cybercrime globally. Individuals and organizations are extremely vulnerable during this crisis as millions of users and organizations across the world are more than ever dependent on computer systems, mobile devices and the Internet to work, communicate, shop, share and receive information and otherwise mitigate the impact of social distancing.
There is ample evidence over the last couple of months that cybercrime actors are exploiting these vulnerabilities to their own advantage. Some examples:
- Phishing attacks increased by 667% in March compared to January of this year; seemingly genuine websites or documents providing information or advice on COVID-19 are used to infect computers and extract user credentials
- Compromised usernames and passwords (approximately 25,000 records) from the World Health Organization, the U.S. Centers for Disease Control and Prevention (CDC), the World Bank, the National Institutes of Health, and other notable groups were used to spread COVID-19 misinformation online
- Usernames and passwords for more than 500,000 users of Zoom (a video conferencing tool used by individuals and organizations) were posted on the dark web for sale
- Ransomware operators demanded 33% more from their victims in Q1 2020 than the previous quarter with a 49% spike in attacks over baseline levels
- With the remote workforce increasing by 70% in April compared to February (as reported by Carbon Black), cyber criminals are obtaining access to the systems of companies or other organizations by targeting these remote workers
- Canadians and Americans report ~13.2 million in COVID-19 related fraud losses and this number is increasing as more users are victimized by cyber criminals
A common theme arising from the above examples casts us humans as the ‘weakest link in the security chain’. However, blaming users will not lead to more effective security systems, nor will it stop cyber criminals from exploiting users and their behaviours. Organizations and service providers need to identify and address the causes of undesirable user behaviour with passwords, which typically stem from a failure to recognize the characteristics of human memory, unattainable or conflicting task demands, and a lack of support, training and motivation for creating stronger passwords.
Organizations and service providers need to adopt and provide secure, simple passwordless experiences to users. Enabling a passwordless solution that can accurately verify a user’s identity without the use of passwords, SMS, and OTPs vastly improves security by reducing the overall attack surface and eliminating compromised credential risk.
With the current COVID-19 crisis of increased remote workers and increased online shopping by users, organizations and service providers need to prioritize solutions that integrate easily with a broad range of systems and support their use cases to reduce organizational risk. The aim is to shift away from 60-year-old credential-based (username and password) solutions to a modern authentication platform, starting with the more exposed consumer and employee interfaces. This will allow for scaling and simple integration across a wider range of business applications and processes using widely adopted mechanisms such as Security Assertion Markup Language (SAML), OpenID Connect (OIDC), and REST APIs.
Organizations and service providers are often not certain where and how to start this critical transformation to curb cybercrime. The following are the key areas where organizations and service providers can start thinking about adopting passwordless technology and solutions:
- Customer Identity & Authentication: This deployment will provide secure and friction-free access to the most critical business functions, securing the organization and its customers from digital fraud
- Remote Access (VPN) / Virtual Desktop: With a surge in remote workforce, removing static credentials from the equation reduces the risk
- IT Support Efficiency: With IT Support facing new challenges of remote support, a passwordless solution will eliminate service desk tickets and calls related to password resets