6 minute read
Rising Cybersecurity Threats
Rising Cybersecurity Threats During the COVID-19 Pandemic: Tips on Staying Safe Online
By David Sikolia
Cybersecurity is defined as the act of securing and protecting individuals, businesses, organizations and governments that are connected to the Internet and the web. It involves the protection of networks, devices, programs and data from attack, damage or unauthorized access. Cybersecurity is important because it encompasses everything that pertains to protecting our personal information, intellectual property, data and government and industry information systems from theft and damage attempted by criminals and adversaries.
These criminals, referred to as cybercriminals, are individuals or teams of people who use computer technology to commit malicious activities on digital systems or computer networks with the intention of stealing sensitive organizational information or personal data and generating profit. There are many types of cybercriminals including hacktivists, state actors, online stalkers, cyberterrorists, cybercrime part-timers, malicious insiders, career cybercriminals and organized criminal gangs (for example, drug dealers).
Cybercriminals are known to access the cybercriminal underground markets found on the dark web to trade malicious goods and services, such as hacking tools and stolen data. The dark web is a part of the Internet that is not indexed by search engines and requires specific browsers to access. On the dark web you can buy credit card numbers, counterfeit money, stolen usernames and passwords, software, etc. Cybercriminal underground markets are known to specialize in certain products or services.
For most of 2020, we have been facing a global health crisis unlike any other in more than 100 years. The COVID-19 pandemic has affected all segments of the population on Earth. It is more than just a health crisis; it is an economic and social crisis as well. Cybercriminals, exploiting the vulnerable situations in which many people find themselves, have increased their criminal activities in this time period. An article on Engadget.com gives some idea of the growth:
Much of this jump can be attributed to America’s daily activities increasingly moving online. A report from Stanford University in late June stated that 42 percent of the U.S. labor force was working from home full-time.² In addition to the millions of employees working from home, millions of students, from elementary to university, are taking virtual classes online. This increase in online activities is not limited to the United States alone but is happening in virtually every country on the globe. As schools have shifted to online learning
and organizations to remote working to protect their members from COVID-19, cybersecurity threats have continued to rise.
The FBI reports a spike in fraudulent unemployment insurance claims filed using stolen identities. Criminals have used virtual meeting platforms like Zoom to broadcast child sexual abuse material to unwitting participants of school, church or other online gatherings. Scammers are marketing fraudulent and/or unapproved COVID-19 antibody tests, potentially providing false results. In addition, fraudsters are seeking to obtain individuals’ personal information (names, dates of birth and Social Security numbers) and personal health information, including Medicare and/or private health insurance information, which can be used in future medical insurance or identity theft schemes.
The challenges, therefore, are how to secure new remote working practices while ensuring that critical business functions operate without interruption and how to keep organizations and individuals protected from attackers exploiting the uncertainty of the situation.
Unlike employees in a work setting, home users are not subject to training, nor are they protected by a technical staff dedicated to keeping security software and hardware current. Thus, with more than one billion people with access to the Internet, individual home computer users represent a significant point of weakness in achieving the security of the cyber infrastructure. As we get used to work and school at home during COVID-19, our devices and the Internet are playing a big role in keeping us connected. However, it is important for each one of us to take individual responsibility and implement computer security steps to stay safe online.
These actions include reviewing and updating your privacy settings on social media, installing anti-virus software, encrypting your files, connecting to video chats safely, getting rid of accounts you no longer use and learning how to deal with the COVID-19 information overload. However, these three steps are among the most crucial: updating your phone and computer apps, thinking before clicking on a link in an e-mail and using secure passwords.
The first thing you need to do is update the apps and applications you use. People working from home might use older computers with older versions of software compared to their computers at the workplace. It is important that your devices and any computer programs that communicate with the Internet be up to date to reduce the risk of attack. If you are using old versions of applications or apps, it is likely there will be software bugs that can leave your devices vulnerable. Software updates often include software patches that repair security holes that have been discovered, as well as fix or remove computer bugs.
Second, think before you click. Phishing scams try to exploit fear and uncertainty, and those linked to COVID-19 are no different. When you receive an e-mail, download a file or files from the Internet or click on a link, think of the following: Is this file from a trustworthy source? Does the e-mail seem genuine, looking at factors like the source address, spelling and context? Is the link legitimate, such as the destination of the URL? If the phishing attacks come from cybercriminals, they are most often seeking to access devices so they can steal financial information. They can also use ransomware to lock down the device and try to extort money to unlock it again. To protect your information in a phishing attack, you should never disclose your usernames and passwords; never assume an e-mail, text message or phone call is authentic; don’t let yourself be rushed and listen to your instincts.
Third, do not use the same password for multiple accounts. Using the same password across multiple accounts makes it easy for cybercriminals to access your online accounts. If the hacker has the password for one service, it is a no-brainer for him or her to check on whether that password has been reused on other sites. Hackers use sophisticated techniques such as phishing attacks and advanced password cracking methods to access your data, which can be sold later on the dark web. The thing on which all security experts agree is that you should use a unique and strong password for every account you have. It is understood that we subscribe to a lot of different online services and are forced to generate a lot of different passwords. The human memory cannot keep up with the dozens of usernames and passwords required for the different sites, which is why we use easy to remember passwords such as a pet’s name or reuse the same passwords across multiple sites. A simple solution would be to use a password manager. If money is a concern, there are some excellent password managers on the market that are free.
Cyberthreats continue to rise during the COVID-19 pandemic. But we can continue to be productive in our online work, studies and social lives and be cybersecure at the same time.
¹ https://www.engadget.com/fbi-cybercrime-complaints-increase-fourfold-covid-19-091946793.html
² https://news.stanford.edu/2020/06/29/snapshot-new-working-home-economy/
Dr. David Sikolia
David Sikolia
Dr. David Sikolia joined the Management & Information Systems Department in 2018 as Clinical Assistant Professor. He holds a PhD in information systems from Oklahoma State University, as well as a master’s degree in information systems from Baylor University and a BS in computer science from Africa Nazarene University. Prior to his move to Starkville, he served on the faculty of Illinois State University. Sikolia has several years’ experience developing and teaching cybersecurity courses. His research interests include information assurance and security and the use of Grounded Theory Methodology.
