Phishing in a Crisis: Employee Training Minimizes Risk

Cybercriminals rub their hands together, especially in times of crisis, because unsettled employees and weakened companies are easy prey. Companies can counteract this with targeted prevention and awareness-raising on IT security issues and thus reduce the risk of a costly cyber attack that uses tactics such as social engineering and phishing in a crisis.

 



Cyber Attacks in the Crisis as an Economic Danger


It was only at the beginning of the year that the GEDIA case clearly showed the consequences companies have to struggle with when cybercriminals and hackers manage to gain access to sensitive data. The automotive supplier was the victim of a phishing attack, as a result of which it had to shut down all its systems and send the workforce on vacation. The attackers demanded a ransom payment worth millions and, after GEDIA refused to pay the sum, published sensitive company information, including account and credit card details and business emails. The corona crisis that immediately followed hit the automotive industry particularly hard, and although the company itself did not comment on the extent of the incident, it is now assumed that losses totaled millions.

The American travel company CWT, which landed in the hackers' crosshairs in the middle of the crisis, had a similar experience. Around 30,000 computers were infected and around two terabytes of sensitive data were encrypted. The bizarre thing about this case: in a chat with the hackers, CWT was able to negotiate the ransom amount down from just under 10 million to 4.5 million dollars. Given the circumstances, that is a considerable sum for the weakened company.

That Is Why the Crisis Is a Festival for Hackers


In the Corona crisis, for example, significantly more cyber attacks were recorded than before. According to ENISA, the frequency of phishing emails increased by over 600% between February and May 2020. Phases of economic uncertainty are of particular interest to cybercriminals in many ways:

Insecure Infrastructure

As this year showed, new technologies are often introduced abruptly in times of crisis, for example to enable employees to work from home and thus remain economically viable. Alternatively, resources for IT security are reduced to save costs. Security precautions are neglected or get lost in the chaos of the restructuring.

Human Uncertainty

In times of crisis or during restructuring, responsibilities may not be clear and there are hardly any guidelines for behavior in new work models. Working from home was introduced for around a third of German employees during the corona crisis. Employees unsettled by this realignment are a particularly good target for social engineering attacks.

Lack of Expertise

For many companies in a crisis, and especially in restructuring phases, cybersecurity experts and awareness specialists are an additional cost factor that they cannot afford. If the right expertise is missing, the responsibility for IT security still rests entirely with the employees, who are often not adequately prepared for it.

In the interplay of all these factors, cybercriminals have an easy time: they can deliberately abuse unsettled employees for their own purposes and attack weakened companies. They send e-mails that manipulate emotionally and thus manage to provoke clicks, often with fatal financial consequences.

Cybercrime and Corona: The Crisis in a Crisis

A survey by the DIHK showed that four out of five German companies are expecting significantly lower sales this year due to the corona crisis. Cybercriminals see their chance in such situations: they know exactly which companies are susceptible to phishing and other cyber attacks during the crisis. The travel industry, for example, has been hit particularly hard, with sales falling by 95%. The hacking attack came at a bad time for the tourism company CWT. This is precisely why companies should take preventive IT security measures at an early stage to avoid serious damage in the midst of an already tense situation.

Smaller companies in particular fear a decline in sales of more than 50%. To put these numbers in perspective: a successful phishing attack results in costs that have to cover not only the downtime but also the repair of the damage. For a company with an annual turnover of 20 million euros, a total of more than 6.5 million euros can result, according to a sample calculation by Bitkom. Ransomware brings already ailing companies to the brink of ruin during the crisis.

Create Awareness and Prevent Phishing in Times of Crisis


However, companies can minimize this enormous financial risk by preventively sensitizing their employees to IT security and thus preparing them for potential cyber attacks, because only interaction with phishing emails leads to damage. Well-thought-out awareness measures reduce click rates by 50-70%, which also reduces the potential damage by more than half. With a digital awareness solution, companies can thus save the costs of any damage without needing internal expertise or capacities, and can train the workforce continuously and effectively even in remote work mode. For example, Protegent360's Antivirus offers a fully automated training platform that sensitizes employees in a resource-saving manner and supports them in behaving safely in the home office.
