Make no mistake: Cyberattacks have increased exponentially in the wake of the COVID-19 pandemic. No one is immune and no one is safe. If you believe differently, witness the recent ransomware attacks on Colonial Pipeline and JBS USA Holdings, which is the world’s largest meat processors.
The increase in ransomware attacks is largely focused on corporate security. Since the pandemic began, the FBI has a reported a 300% increase in cybercrimes over the same time period in the previous year. What’s more, ransomware attacks against businesses are now occurring every 11 seconds, according to SafeAtLast, with the average paid ransom roughly $233,217. The global cost this year? More than $20 billion.
Why the Spike?
Most corporate IT departments are still grappling with the workforce disruption caused by COVID-19, as many office workers started working from home. This put great demands on corporate IT systems, and IT departments have been distracted ever since. In fact, immediately after the World Health Organization declared a global health crisis in February 2020, the spike in cyberattacks began. Microsoft reported an eleven-fold increase in cyberattacks between April 2020 and May 2020 and are now at a level out at 20,000 to 30,000 attacks per day in the U.S. alone.
Colonial and JBS aren’t the only corporations making cyber headlines. Consider these three highly publicized attacks:
- Chicago-based CNA Financial was attacked in late March and paid a ransom of $40 million – one of the biggest ransom payments on record. The hackers were out to steal CNA’s client database, not only to blackmail the company itself, but also to target clients who had purchased cyber insurance.
- Cognizant was the victim of a ransomware attack in April 2020 and estimated its losses between $50 million and $70 million.
- Clop – a group of ransomware cybercriminals –attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if a $23 million ransom wasn’t paid. The company says it is still recovering from the October attack.
Cyberattacks Aren’t Going Away, Either
By one company’s estimates the cost of cybercrime will reach $10.5 trillion by 2025, according to Cybersecurity Ventures. This will make cybercriminals, as a whole, the third greatest “economy” in the world, behind the U.S. States and China.
Certainly, we must do more to protect our corporate networks – both from cloud-based attacks and physical attacks. While the spate of attacks over the last year have largely been by cybercriminals using such social engineering tools as phishing emails, our corporate networks remain vulnerable to an unassuming employee plugging an infected device into a corporate computer’s USB port.
While much remains to safeguard against cloud-based threats, we should not overlook the importance of locking our computer and network ports so that they cannot be used a point of entry for ransomware, malware, and viruses.