Essay Sample on The Vulnerability of Organizations to Breaches During the Covid-19 Pandemic

The world is currently battling one of the biggest health crises witnessed in the last century. The COVID-19 pandemic has led to the loss of thousands of lives, has disrupted livelihoods, and has significantly affected economies around the world. Moreover, in an attempt to contain the spread of the virus, various guidelines that have affected social and organizational structures have been implemented. For instance, social distancing is one of the several measures developed to address the challenge. Owing to such guidelines, organizations were forced to encourage their employees to work from home. While this measure proved to be effective in controlling the spread of coronavirus, it had a downside. As more people stayed at home, dependence on cyberspace increased, a factor that led to a rise in their vulnerability. Statistics reveal that malicious attempts to take advantage of the unplanned shift online have been on the rise (Bednar, 2020). Some activities that criminals are engaging in online include selling fake COVID-19 cures, phishing emails by posing as governmental or intergovernmental health organizations, and the introduction of malware into different resources that are tracking the pandemic. Some organizations were also underprepared to telework, and hence the shift made them vulnerable to breaches. Therefore, other than the disruption of social, economic, political, and health systems, COVID-19 also poses a huge risk in the digital space. In this light, this paper seeks to discuss improvements that could be made to address such weaknesses.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Types of Attacks Witnessed During the Covid-19 Pandemic

Various types of attacks have been witnessed during the COVID-19 pandemic. They include;

RansomwareIn this type of attack, cybercriminals encrypt large amounts of an organization's data and demand huge ransom to restore it. When such an attack involves critical hospital data, the lives of the patients are placed at risk. Failure to pay the ransom may prompt the hackers to publish the personal data of the patients, which violates their privacy and confidentiality. In turn, the exposure would be a violation of HIPAA, which is a key legislation in the digital era. 10x, a company involved in developing a treatment for COVID-19 is among the organizations that have reported an attempted ransomware attack. Such attacks may also derail the efforts to get a vaccine or a cure for the disease. According to the World Health Organization (WHO), while the real motive of the attacks is not yet known, there is suspicion that they are meant to get information on tests, vaccines and cures and possibly sell it in the black market (Fontanilla, 2020).

Phishing

Using this type of attack, criminals try to imitate the identity of legitimate organizations and send out information regarding COVID-19. The emails, when opened, may introduce malware into an organization's system, a factor that compromises its security (Fontanilla, 2020). According to the Federal Bureau of Investigations (FBI), more than 1,000 phishing claims have been reported during the pandemic (O'Reardon & Rendar, 2020).

Spam

Spamming involves emailing advertisements to people who have not signed up to receive them. Just like in phishing, such emails may have malicious attachments (Fontanilla, 2020). After being introduced into the system, the malware can then be used to harvest credentials, lock down the system, or install key loggers.

Social Engineering

Using this tactic, attackers use social skills to get information about an organization or its systems. They use a false identity to obtain information that helps them infiltrate the network of an organization (Fontanilla, 2020). For instance, they may pretend to be new employees or researchers.

VishingThis tactic uses voice communication coupled with other types of social engineering to entice the victims to call a given number (Fontanilla, 2020). They are then trapped into divulging sensitive information which is used to gain access into an organization's network.

SmishingClosely related to vishing, smishing uses text messages to acquire critical information from unsuspecting victims. The text messages may contain links which introduce malware into the device once opened (Fontanilla, 2020).

How Breaches Occur in Emergent Situations

According to the literature, the breaches witnessed during the COVID-19 pandemic is not a new phenomenon. History shows that cyber extortionists and hackers utilize emergent situations to prey upon unsuspecting and underprepared businesses and consumers (Ira & Kightlinger & Gray LLP, 2020). Regarding the current situation, the work-from-home orders left skeleton crews in most offices presented an opportunity for criminal elements to develop and implement social engineering tactics like phishing. The general distraction that the pandemic caused since no organization was prepared for it also increased their vulnerability. Moreover, the pandemic has led to high levels of panic and uncertainty, emotions that attackers have capitalized on to access the personal information of individuals and businesses.

The work-from-home arrangements have seen a drastic increase in the consumption of virtual meeting applications. For instance, the usage of one video conferring app jumped from 10 million to 200 users between December and March (O'Reardon & Rendar, 2020). Such applications are increasingly being used in board meetings, college classes, yoga sessions, among others. In some cases, sensitive information is shared during these sessions. While the platform provides an alternative to physical meetings, which have been banned in an attempt to contain the spread of coronavirus, they are susceptible to breach. For example, some meetings have been disrupted by threatening language, hate images or pornographic material (O'Reardon & Rendar, 2020). The sudden shift to remote workforce increases the vulnerability of an organization to cybersecurity breaches in several ways.

Behavior Changes

In an offsite location, employees are more relaxed. In such a state, they are more likely to reply to emails from hackers. Besides, adjusting to the new environment and its demands may lead to high levels of stress (Ritchey, 2020). When stressed, the employees may be less strategic, a flaw that can easily be exploited by hackers. Sometimes, employees may fall for tactics used by cybercriminals unintentionally. For instance, the devices provided by the company might be slow or have other issues forcing the employees to turn to their devices, which might be infected by malware. As a result, the company's systems are exposed to a wide range of risks (Bednar, 2020).

Situational Changes

While working remotely, there is a chance that access rules and security instructions may not reach all employees in the intended form. As such, oversight of transactions, as well as other important workflows, may not be adequately stringent, allowing criminals to attack (Ritchey, 2020). Also, the company does not provide internet for employees working remotely. Some of the employees, therefore, use shared internet, which increases the organization's vulnerability to attacks.

Technological Changes

The COVID-19 pandemic has also led to various technological changes. For instance, as more employees work from home, companies have had to extend firewalls beyond the restrictions of the office. The organization's systems are also being accessed from various devices, including personal ones (Ritchey, 2020). Such changes can potentially compromise data and expose the company to several other risks.

Lessons Learned from the Pandemic

Now more than ever before, IT teams have been reminded that they are the organization's first, and often the only, line of defense against phishing and other social engineering tactics (Ira & Kightlinger & Gray LLP, 2020). It has also shown that while some operations have been stopped owing to the pandemic, the work done by the IT team cannot be disrupted or neglected. As businesses run remotely, IT teams have been getting busier for several reasons. First, they must provide constant vigilance to detect attacks as well as log review. They also have to help other departments seamlessly settle into working remotely. As organizations increasingly adopt telework, the IT teams are also charged with the assessment of the organization's cyber risk profile (Ira & Kightlinger & Gray LLP, 2020). Moreover, the pandemic has helped businesses learn that while working from home reduces expenses, the associated cybersecurity risks can lead to bigger losses if not adequately addressed (Bednar, 2020).

Ways of Reducing Vulnerability to Cyber Attacks

In light of the increased cybersecurity risks due to the COVID-19 pandemic, various recommendations have been made on ways to reduce the vulnerability of organizations. Besides, people might continue working from home even after the pandemic. For instance, Twitter has announced its interest in allowing some of its employees to continue working from home if they choose to (Ritchey, 2020). Other giants such as Facebook and Google have also shown support for such changes. Such shifts also call for higher vigilance to detect possible attacks (Ritchey, 2020).

Individual Responsibility

It is recommended that employees should not click on links found in unsolicited emails (Ira & Kightlinger & Gray LLP, 2020). Any attachments in these emails should also not be opened. Attempts should also be made to detect the various indicators of phishing attempts. While phishing is among the most used social engineering tactics in attacks, it can be easily detected. A suspicious sender's address is among the key indicators of phishing attempts. In such instances, the address closely resembles those used by legitimate businesses. Usually, a few characters from the legitimate company's address are omitted or altered. Spoofed hyperlinks also indicate phishing attacks. They can be identified by hovering the cursor over the link. In the case of a phishing attempt, the text that appears when the cursor hovers does not match the hyperlink (Ira & Kightlinger & Gray LLP, 2020). Generic greetings, grammar and spelling errors, as well as suspicious requests to enter one's login credentials, are also indicators of possible phishing attacks. To be aware of these indicators, organizations must invest in educating their employees.

It is also recommended that employees should be cautious with emails purporting to be from various experts or organizations such as the Centers for Disease Control and Prevention. When one needs to access such information, they should directly visit the websites of the specific organizations. Employees should also avoid revealing financial or personal information in emails (Ira & Kightlinger & Gray LLP, 2020). They should also not reply to emails soliciting such information. Besides, they should ignore people soliciting donations online. Organizations must also ensure that anti-virus and anti-malware software on their network is updated.