Cybercriminals are opportunists, exploiting major news events to take advantage of the unsuspecting. The COVID-19 pandemic has been no exception. Over the past few years, criminals have ransomed millions of dollars from businesses using increasingly foolproof hacking tools as well as social engineering and phishing schemes.
Of particular concern, financial services and insurance institutions have experienced the largest rise in ransomware cons and phishing tactics. Using these schemes, hackers blocked access to data or threatened to publish private information unless the business paid the requested price, or they used information gleaned by phishing to launch a corporate cyberattack.
More than half of the incidents involved “misdelivery” attacks where a scammer fooled victims into disclosing sensitive information. Stolen credentials and credential “stuffing,” in which stolen info from one site is used to breach accounts on another site, were also prevalent.
Several challenges facing businesses and corporations today were directly influenced by the COVID-19 pandemic. Those difficulties include:
The first half of 2020 saw a 72% rise in ransomware campaigns. Newspapers across Ohio in counties like Montgomery, Licking, and Columbiana reveal that ransomware attacks can hit close to home.
In its 2021 Data Breach Investigations Report, Verizon put the median loss from nationwide ransomware attacks at $11,150, with a range of $70 to $1.2 million. Although the Verizon data does not differentiate between individual and organizational victims, small organizations tended to lose small amounts, and larger organizations lost more substantial amounts from ransomware attacks.
Using a sampling of data on breaches for which it had cost information, Verizon simulated the potential costs of being hacked by ransomware. With a 5% devaluation of the company after a publicly embarrassing data breach included, the most common (95%) figures a company could stand to lose ranged from $800 to $650,000.
Most attacks fall into one of three categories:
Your company’s IT Security team is your go-to for any questions you have regarding the technology you are using, but there are some things you can do as well to ensure that a breach does not occur on your end. To avoid putting yourself or your organization at risk, watch out for these commonly used lures:
❖ “Updates” to consumer social media applications and enterprise collaboration software
❖ “Free” downloads for in-demand technology solutions such as video conferencing platforms
❖ Information regarding the purchase of hard-to-find COVID-related vaccines and supplies (disinfectant wipes, hand sanitizer, etc.)
❖ Offers of monetary government assistance (hackers have mimicked government agencies)
If in doubt, play it safe and check with your IT team first. Be aware of their best-practices guidelines.
Having a set of instructions to follow in case a breach occurs is a great way to establish emergency preparedness within your organization. If no procedure currently exists, work with your employer or IT department to create one.
Next, educate employees on the necessary steps to take and how to access the list of contacts and procedures to ensure that precious time is not lost if someone discovers that the organization's network was compromised.
Your company’s hacking emergency “playbook” will be specific to your organization’s setup and requirements. Make sure you and your department know your roles and responsibilities in the security plan.
However your organization chooses to establish the emergency plan, make sure you and your accounting department know your roles and the appropriate points of contact.
Stay up-to-date on current events influencing the accounting profession, including cybersecurity, by enrolling in our on-demand, free CPE courses for Ohio accountants.