It’s a sad fact of life that unscrupulous criminals will use difficult or challenging situations to their own advantage and prey upon the vulnerable, or even just the distracted amongst us. The healthcare sector is under threat of increasingly sophisticated cyber-crimes now more than ever, in these unprecedented times.
With more of us working remotely, possibly using personal IT and relying on host-based security protections, there has been an increase in cybercrime attacks, many of them with a pandemic theme. According to Computer Weekly, coronavirus may be "the largest-ever global security threat ever faced", and the UK's National Cyber Security Centre (NCSC) latest annual review revealed that 28% of the incidents it handled in 2020 were related to coronavirus, with over 160 high-risk and critical vulnerabilities identified to the NHS alone.[1]
By the summer of 2020, nearly 20 countries were seeing COVID-19-themed lures, some even impersonating the World Health Organisation itself.[2] During the height of the pandemic in March 2020, healthcare organisations received approximately 16% more malicious messages associated with these campaigns than other industries, according to the Healthcare threat landscape report.
Personal emails are also under attack. During the coronavirus pandemic in 2020, scammers sent over 18 million hoax emails about Covid-19 to Gmail users alone. Police data analysed by cyber security company Nexor, covering May to June 2020, shows that cybercrime was up by 31%; of that increase, 53% was attributed to socially engineered crime, amounting to a cost of £2.9 million in the UK.[3]
Andy Riley, executive director at Nuspire, which provides cyber security for health companies globally, is quoted as saying: "The Covid-19 outbreak represents a ready-made pretext for cyber criminals to socially engineer. It is the perfect time to hold an organisation that is already overtaxed with patient flow and uncertainty to ransom."[4]
Social engineering: where (or rather who?) is the weakest link?
Today's cyber-attacks target people, not just technology. According to IT Governance,[5] "As technological defences become more robust, cyber criminals are increasingly using social engineering techniques to exploit the weakest link in the security chain: people!"
Social engineering involves manipulating and tricking individuals, relying on human error to gain valuable information and/or access to systems. Phishing is the most common technique employed, alongside the more targeted spear phishing, vishing, pretexting, baiting and tailgating. A sophisticated form of phishing, business email compromise (BEC), is on the increase: cybercriminals mimic internal emails to 'authorise' payment of seemingly genuine invoices or fund transfers. Social engineers use a variety of means – both online and offline – to con unsuspecting users into compromising their security, transferring money or giving away sensitive information.
Security experts agree that there will be an increase in targeted campaigns sent to individuals, because it takes just one employee to open a bad link. Using information gathered from a variety of sources, cyber criminals can create very compelling lures, making the victim an unwitting helper who enables them to infiltrate networks or secure large fraudulent bank transfers.
Human error caused 90% of UK cyber data breaches in 2019, according to a CybSafe analysis of data from the UK Information Commissioner's Office (ICO).[6] Furthermore, the 2017 IT Risk Research Lab report by Netwrix revealed that '56% of healthcare organisations think that their employees pose bigger threats to security than anyone else'.[7]
Employees play a vital role – training is important.
Impostor-style attacks can be hard to detect with conventional security tools. The NCSC urges employers to take strong measures on security, especially with the increase in home working. It recommends that you train your employees to spot and report malicious emails, and that you adopt a corporate culture that encourages victims to report incidents as soon as possible, so you can act on the threat quickly. This is in line with ICO guidelines on self-reporting.[8]
Your employees need to be aware of the typical tactics employed: creating a sense of urgency, masquerading as trusted entities, well-known brands or even your own suppliers, and using themes that take advantage of natural curiosity or deference to authority. It is also recommended that you identify who within your organisation may be targeted and who may be especially vulnerable.
However, even if you do maintain good cyber security protocols and awareness within your business, security requires a multi-layered approach, and unfortunately people do still get caught out.
It's not just about malware.
As cyber-attacks now rely more on socially engineered tactics, they become even harder to detect, and it is not just valuable patient data that is at risk or being held to ransom via malware. Although ransomware continues to be problematic for the healthcare industry, other threats include theft of intellectual property and personal health information, and fraudsters confirming payment details for fake invoices. Cyber criminals also exploit third-party organisations that have digital connections to you, such as pharmaceutical suppliers, researchers undertaking clinical trials, and even charities.
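One way a practice's mail screening could flag the impostor tactics described above (a lookalike sender domain, a display name imitating an internal role, a mismatched Reply-To, urgency wording and a payment request), as an added example that is not part of the original article: the practice domain, the internal role names and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example-practice.nhs.uk"                 # assumed practice domain
INTERNAL_ROLES = {"practice manager", "finance lead"}  # assumed display names staff use
URGENCY = re.compile(r"\b(urgent|immediately|today|asap|right away|final notice)\b", re.I)
PAYMENT = re.compile(r"\b(invoice|bank details|transfer|payment|account number)\b", re.I)

def lookalike(domain: str, own: str) -> bool:
    """True when domain is one character edit away from own (e.g. practlce vs practice)."""
    if domain == own or abs(len(domain) - len(own)) > 1:
        return False
    i = 0
    while i < min(len(domain), len(own)) and domain[i] == own[i]:
        i += 1
    # treat the first differing position as a substitution, insertion or deletion
    return domain[i + 1:] == own[i + 1:] or domain[i + 1:] == own[i:] or domain[i:] == own[i + 1:]

def score_message(raw: str) -> dict:
    """Return the sender address, the impostor indicators found and a simple count."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload()  # assumes a plain-text, single-part message
    flags = []
    if lookalike(domain, OWN_DOMAIN):
        flags.append("lookalike-domain")
    if name.lower() in INTERNAL_ROLES and domain != OWN_DOMAIN:
        flags.append("display-name-impersonation")
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != domain:
        flags.append("reply-to-mismatch")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgency")
    if PAYMENT.search(body):
        flags.append("payment-request")
    return {"from": addr, "flags": flags, "score": len(flags)}

# Constructed sample messages: an impostor invoice request and a benign internal note.
IMPOSTOR = """From: Practice Manager <manager@example-practlce.nhs.uk>
Reply-To: manager@mail-relay.example
Subject: URGENT: supplier invoice due today

Please transfer payment for the attached invoice to the new bank details before 5pm."""
BENIGN = """From: Reception <reception@example-practice.nhs.uk>
Subject: Room booking for Thursday clinic

The treatment room is booked for the Thursday clinic as discussed."""
```

A message that trips several indicators at once is a candidate for the reporting route the NCSC recommends, not an automatic verdict; a single flag such as "urgency" on its own is common in legitimate mail.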
So how do you protect yourself financially from Cybercrime?
Don’t assume that your existing practice cover will protect you fully. Becoming a victim of a cyber attack could mean large pay-outs, and you may need to recover losses, secure your network, plug the gaps, and get your systems back on track. You may even need to cover PR costs to mitigate reputational damage.
Cyber insurance (often referred to as cyber liability cover) is specifically designed to protect you against this ever-growing modern-day risk. It ensures that your practice is protected if it becomes the target of a host of cyber incidents, such as an attempt to extort you or steal sensitive information from your business, defraud the business out of thousands of pounds, or simply halt your operations by means of IT sabotage.
Fortunately, Lloyd & Whyte can provide you with comprehensive cover against cybercrime. We work closely with several insurance providers who can provide protection and helpful tools and guidance.
All of the insurers we work with offer a dedicated incident and cyber response helpline. These helplines are available 24/7 so you are able to react to a cyber-attack quickly and effectively.