Since the coronavirus hit the U.S. in full force in March, spam emails are up 6,000%. This data from the head of IBM’s X-Force Threat Intelligence, Wendi Whitmore, showed the scale of the opportunity provided to scammers by the pandemic and resulting economic crisis.
The surge is, in part, connected to the high numbers of people working from home. Compared to last year at this time, breaches are up 175%.
“Breaches are occurring at a huge volume on a daily basis,” Whitmore told Yahoo Finance.
Since the lockdowns began, cybersecurity experts began to worry that it would be easier for attackers to compromise security systems. The fear of the pandemic, financial stress, and other distractions at home turned workers into ripe targets for scammers, as stress lowers people’s guard to tactics like phishing.
In the case of workers using VPNs, some experts see them as the perfect way to get a bad actor into a company’s network, likening it to a hypodermic needle. All an attacker needs is a few employees to click on some malware, perhaps from an email or a fake resume and they could be in — and some cyber experts even speculated that attackers might target unsecured Wi-Fi networks.
IBM’s fifth annual Cyber Resilient Organization Report found this is an especially risky time, and Whitmore told Yahoo Finance that this matched with what her team is seeing in the field.
Companies are doing more on security, but often the defenses for these more acute threats are not enough.
Around 51% of organizations have experienced a significant disruption because of a cybersecurity incident, according to the study, but there remain issues about how companies see defense. Whitmore said companies often buy defenses and expect them to work without integration or continued attention to defense measures.
“Tools must be part of the business process,” said Whitmore, noting that while cloud computing has been a positive, it’s also muddled the company’s understanding of who is responsible for guarding data — and that companies can figure out access issues if the data isn’t hosted on the company premises.
Right now, Whitmore said, one unique threat has emerged: interest in theft of intellectual property related to Covid-19 vaccine and testing information, the scale of which is on a nation-state level.