The series of data breaches and ransomware attacks reported in 2020 have taught security practitioners that it is no longer a matter of “if” but “when” a cyber attack will occur. Regardless of size or industry, organizations need to keep their guard up and prepare for the unexpected.

INTERPOL confirmed that the pandemic has generated an increase in cybercrime, with malicious actors actively targeting large enterprises, government organizations, and critical infrastructures.

“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19,” said Jürgen Stock, INTERPOL Secretary General. “The increased online dependency for people around the world, is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date. The report’s findings again underline the need for closer public-private sector cooperation if we are to effectively tackle the threat COVID-19 also poses to our cyber health.”

The international organization warns that tactics deployed by malicious actors will grow in sophistication, while their attention may shift to Business Email Compromise schemes for fraud purposes. Some of the COVID-19 related scams identified in 2020 include online scams and phishing, disruptive malware, data harvesting malware, malicious domains, and misinformation. Several of these schemes posed as government or healthcare organizations, attacked critical infrastructures, and promoted “the illegal trade of fraudulent medical commodities.”

Just recently the CRA, Canada Revenue Agency, identified inventories of login data leaked on the dark web. It appears a third-party breach may have exposed users’ login credentials. However, the CRA was not the actual target of the attack.

As Flare Systems’ threat intelligence team warned last year, malicious actors often target third-parties (i.e. vendors and business partners) of hardened targets. Additionally, darknet data analyzed by our researchers show double extortion and third-party targeting are top tactics to maximize ransomware profit, as we do not exclude an increase in supply chain attacks in 2021.

According to Verizon’s 2020 Data Breach Investigations Report, 45% of the data breaches that occurred in 2020 involved hacking. Human errors and social attacks drove 22% of data breaches, while only 17% involved malware. External actors carried out 70% of attacks, while organized crime groups were responsible for 55%.

It is not exactly a surprise that 30% of cyberattacks were linked to internal actors, given that throughout the pandemic people have had to work from home. However, working from home is not the only security concern: 43% of breaches were caused by web applications. The COVID-19 pandemic has expanded the threat landscape, as organizations now have to face a wider range of risks. Management plays a big role in how security policies are written, implemented, and explained to employees to prevent human errors and insider threats.

Given that the projected annual cost of cybercrime at global level is estimated to be $10.5 trillion over the next four years, cybersecurity has to be a key priority for any organization. Although some CISOs may still have some convincing to do with their Board of Directors, the global investment in cybersecurity is estimated to reach some $174.7 billion by 2024, according to IDC. As far as critical infrastructures are concerned, this year alone is estimated to witness a $9 billion growth, nearing some $105.99 billion by the end of the year.

To convince decision makers to focus on cybersecurity, security executives will have to shift the focus of their pitch from threats and vulnerabilities to organizational risks and what these mean in terms of revenue. It is likely that cybersecurity will have to be presented from a financial perspective, respective an ROI (Return on Investment) angle. Once executives understand it is cheaper to fix a security issue than to later spend money on remediation and mitigation, they will get a better understanding why cybersecurity should be a priority.