Written by Doug Austin, Editor of eDiscovery Today
We’re all familiar with how quickly COVID-19 cases have spread across the world and it seems as though it’s only getting worse. Here in the US, many expect a surge even from the numbers we’ve seen so far after many Americans traveled around the country during the Thanksgiving holidays. We hear about the challenges containing the virus on the news every day. We don’t hear about the spread of cyber attacks on the news every day, but that seems to be surging as well. Here are a few statistics to provide some context to the current cyber-dilemma many organizations face today:
- Cyber attacks reached 445 million incidents in the first quarter this year: According to Arkose Labs (reported here), a spike in online fraud was experienced in the first quarter of 2020 in light of the COVID-19 pandemic, with fraud and abuse attempts comprising 5% of all transactions;
- Business Email Compromise (BEC) attacks were up 200% from April to May 2020: As reported here, these BEC attacks focused on invoice or payment fraud typically involve a much bigger financial loss than many cyber attacks as they are aimed at business to business transactions;
- Between January and April 2020, cloud-based attacks escalated by 630%: According to McAfee, this swelling in cloud-based attacks is correlated with the rise in the usage of cloud services and collaboration tools, such as Zoom, Slack, Microsoft 365, etc.;
- Cyber attacks against banks rose by 238% due to COVID-19: According to ATM Marketplace, they jumped particularly between the months of February and April;
- Global ransomware reports were over seven times higher for the first six months of 2020: According to Bitdefender’s Mid-Year Threat Landscape Report 2020 (which I covered here), the total number of global ransomware reports increased by 08 percent Year-over-Year (YoY);
- At the World Health Organization (WHO), phishing attacks increased by 15 times during the first two weeks of March compared to the entire month of January: As reported here, medical questionnaires and passport copies of more than 2,300 patients at one facility were leaked on the dark web.
Cyber attacks are even beginning to cost lives. According to the New York Times, the first known death from a cyber attack was reported back in September after cyber criminals hit a hospital in Düsseldorf, Germany, with a ransomware attack that caused a woman in a life-threatening condition to be sent to a hospital 20 miles away where she died because of treatment delays.
So, the stakes are not only high, in some cases, they are literally a matter of life and death. Of course, this means any system or platform could be vulnerable, including those your organization uses for information governance and eDiscovery. Here are five best practices to protect your own organization against cyber attacks:
- Use strong unique passwords and change them often: Passwords should be a complex mix of numbers, symbols, and capital and lowercase letters and they need to be changed often, so organizations should require this. As end users, don’t use the same password everywhere as once it’s guessed in one platform, that enables cyber criminals access to others.
- Avoid pop-ups, links and unknown emails: Phishers try to trick you into clicking on an item that may result in a security breach. When in doubt, confirm with the IT department before clicking on any item that could be suspicious.
- Keep your software updated: Operating systems, security software, even end-user platforms should be updated to the latest version to maximize protections as cyber criminals are always taking advantage of flaws in older software.
- Back up your files: The ability to recover quickly if hit with a ransomware attack starts with current backups of your data and a sound plan for disaster recovery.
- Train, train, train: Make sure all of your employees are current on cyber security best practices and how to address various threats. It only takes one person to make a mistake to allow a breach into your organization.
Just as social distancing and wearing masks can help minimize the spread of COVID-19, following the best practices above can minimize the spread of cyber attacks to keep your organization “healthy” and secure.
For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between IPRO and eDiscovery Today, he’ll be here in the IPRO Newsroom next week with more educational content!