Can't find what you're looking for?
View all search resultsCan't find what you're looking for?
View all search resultsOrganizations should incorporate tactical operations techniques such as “observe, orient, decide and act”.
OVID-19 has triggered a storm of panic, disruption and widespread technological upheaval that constitutes the perfect breeding ground for cyberattacks. While the world has been hunkering down and staying at home, hackers are busy sniffing out new opportunities and new vulnerabilities.
Since February, when the outbreak went global, there has been a 4,300 percent jump in coronavirus-themed spam, according to a recent study by the Ponemon Institute and IBM. “Cybercriminals are using the coronavirus outbreak to drive their business, with virus-themed sales of malware assets on the dark web and even virus-related discount codes,” the study reports. “They are also rapidly creating domains. COVID-19-related domains are 50 percent more likely to be malicious than other domains registered during the same time period.”
The hidden threat comes from a big increase in the number of phishing attacks masquerading as messages from legitimate organizations, such as email phishing attacks purporting to come from the World Health Organization (WHO). Unavoidably, we have also seen data breaches in Indonesia amid the pandemic as reported in the media.
The concern is that many people forced to work from home lack the secure equipment and protocols that enable digital safety. With newly remote employees accessing corporate networks via personal devices, hackers are probing Wi-Fi configurations and Virtual Private Network (VPN) connections for security vulnerabilities. And as people congregate on cloud-based productivity platforms – both for work and personal reasons – malicious actors are launching schemes to exploit the situation, including hacking into and disrupting live meetings.
The tendency toward ad-hoc decision-making during crises only accelerates the opportunity to leak data or compromise business operations. The potential impacts are more dangerous, too. A distributed denial-of-service (DDoS) attack, for instance, can be far more damaging in an operational environment that is already strained for capacity than one launched when additional capacity is readily available.
However, in an interconnected digital world, one weak link is enough to offset the balance. Most organizations in Indonesia and worldwide are ill-equipped to handle a major cybersecurity incident, much less during a global crisis such as a global pandemic. The Ponemon study found that 76 percent of companies did not have an incident response plan applied consistently across the organization.
About 25 percent reported not having any crisis response or mitigation plans, or Cyber Security Incident Response Plan (CSIRP). An effective CSIRP would cover governance and communications practices and define how crisis response would be handled across the firm, including strategy, technology, operations, community and government relations.
Share your experiences, suggestions, and any issues you've encountered on The Jakarta Post. We're here to listen.
Thank you for sharing your thoughts. We appreciate your feedback.
Quickly share this news with your network—keep everyone informed with just a single click!
Share the best of The Jakarta Post with friends, family, or colleagues. As a subscriber, you can gift 3 to 5 articles each month that anyone can read—no subscription needed!
Get the best experience—faster access, exclusive features, and a seamless way to stay updated.