During the COVID-19 crisis, cyberattacks, such as DDoS and ransomware/phishing attacks, have proliferated. These have been particularly acute in specific essential industries, such as healthcare, finance, energy, media and supply chain. The scale of these attacks can be devastating, as they can spread quickly and globally if undetected or unprevented.
No one is immune, and the list could go on:
- WHO suffered a phishing cyberattack in March.
- EasyJet exposed the personal information of 9 million customers in a “highly sophisticated” cyberattack on the airline in May.
- US Health and Human Services was hit by a DDoS attack in March.
- The Government of North Rhine-Westphalia in Germany may have lost tens of millions of euros after failing to secure its coronavirus emergency aid distribution website from phishing attacks and malware.
- Healthcare organizations and internet infrastructure companies appear to be popular targets for data breaches, in addition to the usual targets, such as financial institutions.
- An increase in malicious mobile app bots designed to flood websites with requests - once rare, mobile attacks are on the rise.
- Video conferencing sites are plagued by new scrutiny. Zoom privacy and security issues and misleading security claims have led to its use being banned in various companies, government agencies and school systems. Cisco’s Webex conferencing system suffered a phishing attack in April as well.
Remote threats imminent
The Zoom and Webex cases illustrate a major potential blindspot for businesses across industries. As a large proportion of the workforce continues to work remotely, threats continue to appear in ways both expected and unexpected. In addition to video conferencing vulnerabilities, businesses were not prepared to deal with the sudden surge in number of remote workers and the vulnerabilities they bring to the table, e.g., their unsecured home networks, poorly secured VPNs. In addition, many enterprises face providing large-scale access to legacy systems, such as ERPs, CRMs, accounting systems and intranets, that need to be both gated/secured and highly available without taking these systems down entirely, which were not designed for the influx of remotely accessed traffic.
Mitigating security concerns
Security rightfully sits atop the list of concerns for businesses that continue to operate during this period. Security is, of course, always a priority, but with the COVID9 crisis and a host of new security challenges, more businesses are considering security holistically and are looking at solutions that will help them mitigate both existing and emerging security issues.
To learn more about how Varnish can fit into and enhance the security methods you have in place and answer some of the most prominent cybersecurity threats, such as the DDoS attack, download our security white paper.