Issue 36 - September 2020
Raising our Guard
By Ángel Gálvez, Global Head IT Security
Covid-19 has been a litmus test for IT infrastructures, with many of us working away from the office for weeks. The rapid expansion of the pandemic has helped raise IT risk exposure – not just in our business. Very few companies in the world were ready to absorb such a large number of teleworkers, and they responded rapidly, deploying remote systems and networks to support staff working from home. This scenario, coupled with reduced IT teams on duty – also caused by the rapid spread of the disease – has helped create “the perfect situation” for criminals to take advantage of.
Bigger Risk
Broadband providers experienced a traffic surge of between 30% and 50% across their mobile and fixed networks during the peak of the lockdowns, according to KPMG. Whilst most of this traffic spike was due to consumption of online entertainment applications, conferencing services (like Teams or Zoom), access to news apps and portals, and remote workers were also behind this extraordinary rise in data usage. The increased online dependency that the pandemic has created for people around the world comes with new opportunities for cybercriminals, as many businesses and individuals do not (or cannot) ensure their cyber defenses are sufficient or up to date. In the four-month period from January to April 2020, some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by INTERPOL.
The Modus Operandi
Cybercriminals are taking advantage of COVID-19 and the new reality it has imposed: teleworking at peak levels and huge amounts of information – and misinformation – circulating on the Internet. And much as these attacks are targeting large corporations, governments and critical medical organizations, all types of businesses and individuals are on the criminals’ radar.
Without going into the IT jargon – which we should be familiar with in today's world – the way we are targeted is very simple and, in principle, naïve. Probably one of the most recognizable cases of the pandemic is that of July 15, when someone took control of the Twitter accounts of several celebrities, business executives, companies and politicians and conned people into sending Bitcoin to an account. But there are many more examples: suspicious links found in emails or WhatsApp messages, requests to validate our usernames and passwords (known as phishing), or teasing emails and links to pages with “breaking news” about a vaccine or a cure for Covid-19.
Conclusion
Everyone is exposed to this risk, both at work and as individuals. From a work perspective, each of us has access to sensitive and confidential information that can ultimately be stolen. At the same time, we are all gatekeepers and have the duty of safeguarding our company from third-party attacks. It does not matter how sophisticated our IT security systems are if we do not exercise our individual responsibility. A simple action, like clicking on a suspicious link, can open the system to criminals. And just as you wouldn’t leave a 100 Euro note unattended in the street, similar care should be applied to any IT infrastructure.
Understanding the risk is the solution. The COVID-19 pandemic is teaching us many lessons, and one of them is how vital cybersecurity is, especially in times when we are more vulnerable. That is why learning and understanding the best ways to protect yourself and Dufry's data is so critical nowadays.
At this URL you will find some guidelines and recommendations for safe remote working – many of them also applicable to your daily life! At Dufry's IT Security team, our mission is to support all colleagues across the 65 countries where we operate, to ensure a safe IT working environment.
Thanks for helping us in this duty!