Phishing schemes cast a wide net during a crisis
The Identity Defined Security Alliance (IDSA) has released a survey of IT professionals that spotlights the growing importance of identities, and the vulnerabilities they create in the workplace. Basically, what this means is an expansion of connected devices, user accounts, and therefore greater likelihood that hackers will compromise any number of these accounts.
According to the study, almost all IT professionals (94%) have experienced a breach of this type at their organization, most within the past two years. Virtually all of them believe them to have been preventable occurrences. More than half of the respondents cite phishing as the primary cause, which aligns with the trends we’ve seen in recent weeks toward a rise in COVID-related phishing schemes. Scammers will often pose as hospitals or patients to trick people into offering up their personal information. Once they get them, it’s a data breach, and then it’s on to their next phishing trip. Proactive measures are the way forward here, and are shown to have a demonstrable effect on curbing the rate of these data breaches.
While this sort of phishing for people’s identities has indeed surged during the pandemic, there are other trends vying for attention, and it’s equally concerning. Though many people are able to work remotely, a great number are out of work entirely for the time being, and must go on unemployment. With that number rising all the time, it’s not surprising that cyber criminals would make unemployment systems one of their current targets. Several states have recently reported trouble with their unemployment programs. Arkansas saw its entire Pandemic Unemployment Assistance system shut down thanks to a breach by an applicant. Other applicants’ private information was also exposed as a result. Similar incidents have occurred in Washington and Illinois (though the latter was possibly a glitch), exposing Social Security numbers and seeing an increase in imposter claims.
Unfortunately, these are the kind of data security issues people are facing, on top of a global pandemic. I personally expect to see more of them as the situation continues. Though a few might have pledged early on not to go after hospitals, it would be naïve to expect hackers not to take advantage of new targets in a crisis. That’s why it’s extremely important to be vigilant for phishing and other disruptive attacks; that goes for both individuals and the state unemployment programs on which they’re depending.