Covid-19 pandemic creates new cyber threats

The Covid-19 pandemic has created opportunities for cyber criminals looking to exploit the atmosphere of fear surrounding the outbreak of the virus, according to CGI head of cyber security Richard Holmes.

Speaking at a recent Insurance Times webinar, sponsored by CGI, Holmes said that cyber criminals were using the Covid-19 pandemic to target individuals who may have financial or health-related worries in order to get them to fall victim to a phishing attack.

“In some ways, the Covid-19 pandemic has provided the perfect opportunity for those bad actors to swing behind that,” he said. “It’s not that there are more bad people out there, it’s just they have changed their tactics.

“Whether it be about making claims for tax relief or holiday refunds or getting test results, we have seen a big shift in approaches by these phishing companies, and it has become a real numbers game around trying to tempt people to click on those links that they shouldn’t.”

The situation has also been exacerbated by the rise of homeworking in response to the pandemic - Holmes said the speed of change in this area has created a new set of vulnerabilities for businesses to contend with, as well as increased the risk facing the insurance industry.

“The move to homeworking happened over a very short period of time and that put a lot of new emphasis on remote access for organisations to give access to their systems and information to their employees more remotely,” he said. “That will have driven a move to people using their own devices more, particularly for those organisations that didn’t have deployed infrastructure already.

“And those changes obviously changed the attack surface, if you like, and there are now a lot of different vulnerabilities out there and that creates a different set of considerations [for businesses to contend with].”

Mark Hawksworth, global technology specialist practice group leader at Sedgwick, agreed. He said that the move to online web platforms had created a number of issues for cyber insurers, particularly if businesses are not using the right security tools.

“We’ve seen a big increase in the use of [Office] 365 and the issue there is changing from internal to web-based platforms,” he said. “The problem has been that credentials have not changed to follow suit and we’ve seen a number of web-based email accounts compromised, leading to increased cyber fraud.

“These platforms do have security tools built in, but they tend to be switched off as standard, although this can be checked with a secure score built into [Office] 365, which end users should look at if they’re moving to this platform.”

Increasing Severity

CFC Underwriting’s cyber development leader Lindsey Nelson added that since the pandemic started, she has seen an increase in the severity of events reaching her claims teams.

“The severity [of these claims] is often much more than it was the year prior and that’s the impact of weaker security controls and cyber criminals carrying out more targeted attacks,” she said.

“There’s a data exfiltration component where they know they can demand larger amounts of ransoms because they’ve got confidential information they can threaten to release to the public.

“There’s a number of factors involved with that, but essentially cyber criminals are staying alert through all of this and really doing their research to get the maximum monetary amount from their victims.”