How COVID impacts cybersecurity incidents
Many cybersecurity incidents have, unsurprisingly, become subject to the influence of COVID. According to the UK’s National Cyber Security Centre (NCSC), more than 200 of 723 reviewed incidents qualify as being related to the pandemic. We’ve covered a fair bit in the past how phishing schemes exploit people’s worries over the virus to trick them into sharing vital data. Researchers from Barracuda Networks discovered 467,825 phishing attacks through last March, all seeking an angle to compromise legitimate accounts. Medical research is a primary target these days, as state-sponsored actors continue to probe other nations for vaccine information. This puts universities, hospitals, and other healthcare entities at risk of phishing. “Our research shows that a large number of universities don’t deliver cyber security training to staff and students, nor commission independent penetration testing,” says Mark Nicholls, CTO of Redscan.
Aside from these, remotely working employees have also become a big mark for hackers, as their personal machines and devices are unlikely to have sufficient protections. And if a cyber criminal can swindle the data they wanted out of an employee without any fuss, so much the easier.
The pandemic is also impacting data security news in other, unusual ways. Remember that story about the Marriott data breach a few years back? The one that lasted from 2014 until its detection in 2018 and impacted over 300 million guest records? It had been expected that the financial penalties for the hotel chain would be steep. Indeed, the Information Commissioner’s Office (ICO) last year suggested a fine of £99 might be inbound.
However, that was before civilization ground to a halt. With travel plans around the world cancelled, Marriott has taken a significant hit. As a result, the final sum, issued this week, is the substantially lower £18.4. In a statement, the ICO says that it “considered representations from Marriott, the steps Marriott took to mitigate the effects of the incident and the economic impact of Covid-19 on their business before setting a final penalty.”
In effect, the pandemic and travel stoppage mitigated what could have been an exorbitant penalty for the currently ailing company. It just goes to show how extenuating circumstances come in all forms.