Online life risks: how to increase security

The digital revolution has reached its most incredible moment of acceleration during the pandemic, in both the business and private sectors. As a result, we are all, companies and individuals alike, exposed to greater risks.

17 Sep 2020

From lockdown onwards, distance learning, smart working, ecommerce, virtual events, conference calls, telemedicine, entertainment and a whole range of activities have all become digital, even happy hours. 

According to Sandvine (source: The Global Internet Phenomena Report), which has published a six-monthly traffic analysis since 2011, global traffic growth was 40% during Covid. It should be kept in mind that all major streaming platforms have (voluntarily) adopted quality reduction policies, without which traffic would have been even higher.

The Internet has saved what could be saved in this global disaster, which is not yet over and is likely to last as an emergency for the whole of 2020, and perhaps even drag on into 2021.

Meanwhile, our lives have become much more digital, and therefore we are much more exposed to cyber risks.

Since the year began, attacks have multiplied. The latest warning comes from no less than Interpol, which reports an increase in cyber attacks in 50 countries, targeting mainly governments and health institutions; even the WHO website was attacked last March.

Among the most common attacks, Interpol reports fraud or phishing to retrieve personal data or access credentials to online services, with cybercriminals using accounts built to simulate communications from health authorities or public institutions. Malware is followed by ransom requests to unlock devices, and “malicious” domains are registered using keywords such as “Coronavirus” or “Covid”. In these cases, explains Interpol, there is an evolution in the choice of targets to “maximize the damage and financial gain”. Pirate sites, the agency explains, attract users in search of medical equipment or Coronavirus information to obtain personal information and credentials, or to spread fake information.

The Report on cyber threats in 2020 in Italy, prepared by Exprivia’s Cybersecurity Monitoring Centre, reports that June was the month in which the most attacks, incidents and privacy violations against companies, individuals and public administration occurred since the beginning of the year.

An analysis of 40 public information sources found that between the first quarter of the year (when there were 47 attacks) and the second quarter (171) the increase was more than 250%, with a peak in June (86 attacks), driven by the increase in smart working, greater use of social networks during the emergency and the reopening of industries immediately after the lockdown.

Most of the attacks are related to the Coronavirus emergency, and more than 60% of the episodes caused data theft, with triple-digit growth compared to the first quarter (+361%), far outweighing both privacy violations (11% of cases) and money losses (7%).

Scams using phishing and social engineering techniques also quadrupled (+307% compared to the first quarter, more than 37% of cases). These deceive the user with “bait” messages via email or sneaky techniques via social networks, in order to steal financial data (the account or credit card number) or access codes to services to which the person is subscribed.

Is there any way to increase online security? 

Yes, of course, on both a corporate and a personal level.

At the corporate level, a recent Proofpoint survey revealed that 85% of Italian CISOs recognize employees as the main cause of vulnerability to cyber attacks; a cultural change and a lot of training are needed. Companies must take steps to prevent attacks, and this is done both through the use of particular IT infrastructure and systems, and by increasing employees’ responsibility for cybersecurity risks and the appropriate use of different communication channels.

For example, according to the firm, of the 7 main types of threats to businesses, 5 are email-related. Phishing (39%) was the most reported attack, followed by business email compromise, or BEC (28%), internal threats (22%) and credential phishing (22%). BEC attacks, together with cloud account compromise (15%), are the most expensive threats for companies, with consequences for reputation, data loss and business interruption. Yet it takes little to be able to recognize these threats and make them harmless.

But of course, in a future of smart working, there are also special IT procedures that companies need to adopt to secure terminals and the streams of data, documents, etc. that are digitally transmitted from the employee’s home and not the office. It is necessary to secure the employee’s connection, their network and Wi-Fi, to give directions and perhaps appropriate software for connecting safely from anywhere, and to provide settings, antivirus and anything else needed on the devices supplied.

How should the private user respond? 

Very similarly. In a list of do’s and don’ts, among the do’s we could put staying constantly informed and distrustful; among the don’ts, being lazy, careless and acting on autopilot (think before clicking!).

The time-honored rules still hold in the Covid era:

- use secure connections (not public ones);
- use complex passwords and change them often;
- shop from secure sites;
- check the privacy settings of the sites and social networks we use and set them in the way we think is safest for us;
- don’t download files sent from unknown email addresses, and don’t open .exe files if we are not absolutely sure where they came from;
- don’t share personal information or sensitive business or personal data on social networks.

If you have never used antivirus, now is the time to start.

Maybe you have already heard it, but repetita iuvant: look with suspicion at any email that quotes or refers to Covid, coronavirus, etc.; an email that asks you for sensitive data, passwords, account numbers, etc. is certainly a cyber attack.

Cyber security is also a “hot topic” for the European Union. 

At the end of July, the European Commission presented the new security strategy 2020-2025, designed to overcome the separation between online and offline security and to deal with the subject as a whole, because, as the Commission points out, we are now facing ‘cybercrime-as-a-service’. 

The increasing benefits that digital technologies bring to our lives have made cyber security a matter of strategic importance. Homes, banks, financial services and businesses (especially small and medium-sized enterprises) are heavily affected by cyber attacks. The potential damage is further multiplied by the interaction between physical and digital systems: any physical impact is bound to affect digital systems, while cyber attacks on computer systems and digital infrastructures can disrupt essential services.

The rise of the Internet of things and the increased use of artificial intelligence will bring new benefits and a new set of risks. Our world relies on digital online infrastructures, technologies and systems that allow us to create business, consume products and enjoy services. Everyone relies on communication and interaction. Online dependence has opened the door to a wave of cybercrime. 

‘Cybercrime-as-a-service’ and the underground economy of cybercrime allow easy access to online cybercrime products and services. Criminals are quickly adapting to use new technologies for their own purposes. For example, counterfeit and falsified medicines have infiltrated the legitimate pharmaceutical supply chain. The exponential growth of online child pornography has demonstrated the social consequences of changing crime patterns. A recent survey showed that the majority of people in the EU (55%) are concerned about access to their data by criminals and fraudsters.

According to the Commission, one of the most important long-term needs is to develop a culture of cybersecurity integrated into products and services (cybersecurity by design). An important contribution in this sense will be the new cybersecurity certification framework under the Cybersecurity Act, which already provides for two certification schemes, with others to be defined during this year. Among the other measures in the pipeline, a Joint Cyber Unit will be set up to provide structured and coordinated operational cooperation to Member States.

Cybersecurity is one of the reference items of the seventh edition of the international contest promoted by BNP Paribas Cardif in partnership with InsuranceUp, this year focusing on Next Normal, the future after the pandemic. Innovative ideas, solutions and products are sought in all areas of people’s lives. Applications are open until September 30th.
