Prepare for a New Era of Cyber Crime Across Industries

As working from home becomes the new normal, organizations need strong cybersecurity measures to avoid becoming victims of costly cyberattacks.

As the COVID-19 crisis unfolded, a wide variety of workforces transitioned to a remote environment. This move to working from home has changed the way employees interact with technology—and raised organizational cybersecurity risk.

Hackers have already adapted their attacks to exploit people’s concerns about the COVID-19 pandemic.1 Even before the crisis, cyberattacks were evolving in terms of sophistication and the avenue of attack used.

It’s also clear that reopening the economy isn’t going to mean an immediate return to the office. Working from home is going to be the new normal for many, including tech giants such as Facebook and Twitter, which have adopted permanent company-wide opt-in remote work policies.2 According to Facebook CEO Mark Zuckerberg, Facebook will not limit these policies to current employees; rather, the company will begin “aggressively” opening up remote hiring.3 Organizations with strong cybersecurity policies and procedures will find themselves better able to prevent or mitigate breaches in this new normal environment.

The High Cost of Ransomware

Independent of the coronavirus pandemic, the nature of cyberattacks has been changing in recent years. Ransomware attacks, in which cybercriminals encrypt an organization’s files and threaten to destroy or sell sensitive information unless they receive a ransom payment, have become significantly more frequent and destructive. In 2019 alone:

• At least 966 U.S. government agencies, educational establishments and healthcare providers experienced ransomware attacks
• One hundred and thirteen state and municipal governments and agencies experienced attacks; for instance, Baltimore City was crippled for over a month at a cost of more than $18 million
• Seven hundred and sixty-four healthcare providers were hit with ransomware. One provider paid more than $75,000 to recover its encrypted files
• The 89 universities, colleges and school districts affected by ransomware included Hamilton College, in upstate New York, and Monroe College in New York City4

And the attacks have continued to mount—in June 2020, Columbia College in Chicago, Michigan State University, and the University of California, San Francisco, were hit by ransomware attacks in the same week.5

Ransomware attacks cause lasting damage regardless of a company’s specialty or industry. The consequences of a breach can be devastating, and ransomware demands now routinely run into six and seven figures. Ransomware attacks can shut an organization’s systems down for weeks or even months at a time, racking up millions of dollars of costs in lost productivity and IT expenses, not to mention the effects of negative publicity and potential regulatory fines.

Current Avenues of Attack

Complicating matters further, ransomware is no longer delivered exclusively via fraudulent email. Current avenues of attack include:

• Common vulnerabilities. Cybercriminals have increasingly targeted weak points in unpatched systems, particularly insecure remote desktop protocol (RDP) servers—a key technology many organizations are using to support their employees’ ability to work remotely.6
• Compromised managed service providers (MSPs). The ability to do remote troubleshooting makes MSPs an attractive solution for technical issues in a work-from-home environment. But any security gaps with an MSP can allow cybercriminals to piggyback their way into otherwise secure systems.
• Botnets. Cybercriminals can rent networks of infected systems and use their combined computing power to breach organizations’ networks via brute force. As these botnets expand to include seemingly innocuous home network devices such as virtual assistants, work-from-home environments provide additional avenues for cybercriminals to launch attacks with greater ease and efficiency than we have seen previously.
• More sophisticated phishing attacks. Cyberattackers have expanded their fraudulent email repertoire to include impersonating third-party vendors to reroute payments or gain access to sensitive information.7 A new normal that involves much more digital communication makes it easier for these attacks to fly under the radar.

Strengthen Your Defenses

Unfortunately, organizations have few good ways to protect themselves from being targeted. Employees need open channels for communication, especially in a world where physical interactions have been curtailed. As a result, organizations must focus on ways to prevent potential attackers from gaining entry to their systems—and ways to detect successful breaches quickly while mitigating potential damage.

Here are five ways you can improve your organization’s protection in today’s work-from-home environment and beyond:

• Keep software and firmware up to date and backed up. Keep up with the latest updates for all hardware and software on your network—and ask work-from-home employees to do the same with their home networks. Frequent backups stored on an isolated system also provide critical insurance against business interruptions caused by ransomware attacks.
• Provide ongoing training and reminders for staff. Detecting phishing attempts and other potential fraud perpetrated via email requires constant vigilance. In addition to training employees to recognize attempts at fraud, remind them to be wary of any attempt to change payment information via emails, phone calls, text messages and faxes. Training might include sending fake phishing messages to employees to test their knowledge of how a phishing scam could appear in their inboxes. With in-person training on pause for most companies, making training available in a remote environment is an essential element of protecting your company’s most valued data from attackers. Most importantly, encourage employees to report suspected fraud immediately, as outlined below.
• Require two-factor authentication. In addition to requiring strong passwords, increase your system’s security by requiring employees to use an authenticator application or a biometric key such as a fingerprint when they log in.
• Prepare for attacks before they occur. Well-defined incident response plans and business continuity procedures go a long way toward mitigating an attack in progress. It’s important to work with security, legal and insurance partners. Consider engaging a team of diverse professionals to audit your systems, refine your business continuity plan and legal agreements, and help control any future attacks. Getting that process moving quickly amid an attack can be difficult if your organization doesn’t have existing relationships with third-party vendors. Even smaller organizations that lack the resources to engage in periodic simulations of a data breach should, at minimum, have a clearly defined process and a cybersecurity vendor relationship in place.
• Obtain a cyber insurance policy. Cyber insurance can increase organizational peace of mind about cyber risk in two ways. Not only does insurance coverage help mitigate the costs of addressing a breach, but the process of obtaining insurance can itself be a useful way to help your organization map its risks and quantify the threats it faces.

What To Do If You Suspect Fraud

If you receive a fraudulent email or if you believe you or your organization have become a victim of fraud, help protect your financial interests by taking these steps:

• Immediately contact your security officer or other security advisor to ensure you follow appropriate security guidelines and procedures
• Immediately contact M&T Bank at 1.800.724.2240, as well as any other appropriate entities that can help contain the incident
• Change all online banking passwords
• Review and confirm recent account transactions.
• Close existing accounts and open new ones as appropriate
• Review records for fraudulent requests for address, title or PIN changes
• Check for any orders of new cards, checks or other account documents to a fraudulent address
• Cease all activity on computer systems that may be compromised

To learn more about Wilmington Trust and M&T Bank’s cybersecurity efforts, please visit Cybersecurity and You.