FUTURE OF LP
Cyber-Security Strategies during COVID-19
By Tom Meehan, CFI Meehan is retail technology editor for LP Magazine as well as chief strategy officer and chief information security officer for CONTROLTEK. Previously, Meehan was director of technology and investigations with Bloomingdale’s, where he was responsible for physical security, internal investigations, systems and data analytics. He currently serves as the chair of the Loss Prevention Research Council’s (LPRC) innovations working group. Meehan recently published is first book titled Evolution of Retail Asset Protection: Protecting Your Profit in a Digital Age. He can be reached at TomM@LPportal.com.
C
yber crime has always been an issue, and the era of COVID-19 is no exception. In recent months, bad actors have been taking advantage of both individuals and businesses during this vulnerable time through phishing scams with COVID-specific themes, anything from fake websites to access your coronavirus stimulus check or impersonating regional health authorities to share fake news. The pandemic has also seen a wave of bad actors attempt to infiltrate major corporations, with the hope that they have been overwhelmed by pandemic-related issues and have weaker cyber-security protocols. In June, Amazon Web Services reported that they had to defend themselves against a significant denial-of-service (DDoS) attack with a peak traffic volume of 2.3 terabytes per second (TBps), the largest ever reported. Before that, the previous largest DDoS attack recorded was 1.7 TBps, mitigated by NETSCOUT Arbor in March 2018. The Australian government also came under cyber attack in June, from what the prime minister described as a “malicious” and “sophisticated” state-based actor.
In June, Amazon Web Services reported that they had to defend themselves against a significant denial-of-service (DDoS) attack with a peak traffic volume of 2.3 terabytes per second (TBps), the largest ever reported. The best way to protect ourselves from cyber criminals is for both the public and private sectors to work together to prevent bad actors from accessing our systems while also educating the public about how to identify and avoid phishing scams and other malware.
Working Together to Prevent and Respond to Cyber Crime
Private companies often have more-advanced technological innovation that can not only prevent bad actors from infiltrating their systems but also track and analyze these attempts. This technology can be very helpful for law
46
JULY–AUGUST 2020
|
enforcement to find and arrest cyber criminals, which will offer justice to victims of cyber crime while also increasing the risk of cyber crime, making it less enticing to others. In April 2020, the World Economic Forum launched the Partnership against Cybercrime initiative with the goal of unifying the public and private sectors in working to prevent cyber crime. This initiative involves creating a global framework where governments and private companies can collaborate to improve the effectiveness of cyber-crime investigations and enhance the potential of disruptive actions against cyber-criminal infrastructures.
Educating the Public to Protect Themselves from Cyber Crime
The sudden and unplanned shift of so many office employees to long-term remote work has introduced a wide range of challenges for both businesses and individuals. For example, video conference meetings on Zoom have become a necessary replacement for regular in-person meetings, but these virtual meetings are not always secure. Zoom meeting rooms can be easily found and infiltrated by unwanted visitors, or even transcribed and posted online without meeting participants’ consent. Shifting to remote work also means companies have had to move sensitive information to online servers, so employees can access these files, which opens up their organizations to the possibility of unauthorized external access. While many businesses are incorporating cyber-security strategies in their organizations as they grow, one large group has not caught up: schools. In an effort to keep up with the digitization of education, public schools have moved a lot of resources and teaching tools online, but they often lack the dedicated funding and resources to secure this data—and these obstacles already existed before learning moved online during the COVID-19 pandemic. Because of this, schools struggle to follow industry-wide best practices for cyber security, such as having a dedicated cyber-security expert review and update their security protocols and regularly patching system vulnerabilities. With so many teachers and students abruptly moving everything online, anything from Zoom class meetings to online school portals, if not properly encrypted or otherwise secured, can become an opening for a cyber criminal to infiltrate the school’s system. These vulnerabilities
LOSSPREVENTIONMEDIA.COM
