In times of crisis a cyber-attack can paralyse the functioning of organizations.
In times of crisis a cyber-attack can paralyse the functioning of organizations. Widely shared by the media, last week's cyber-attack on The University Hospital Brno speaks for itself. Part of the IT infrastructure has collapsed, all computers had to be disconnected, and scheduled patients´ operations could not be performed as their medical data was stored on the computers.
Cyber security is still one of the resonating themes in the current situation caused by the global pandemic COVID-19; even more that many companies have shifted a large part of their employees to “home office”. In addition to the related technical problems, the vulnerability of systems has also increased due to possible human error. What threats are lurking in cyberspace for “home workers”?
Using baits, mostly in email communication, phisher tries to lure from user a sensitive information, such as passwords or user login, or tries to direct victim to do an activity that he would not otherwise have done. An example might be a request – please, send me a list of our clients by e-mail, I need it urgently and I don´t have access to the company. Or: please, make a quick money transfer to this supplier´s account, he has no money and if he terminates, we cannot realize our production next month ...
With regard/respect to the protection of sensitive personal data you also need to be aware of fake emails from trusted institutions such as the World Health Organization (WHO). Be careful about emails from unknown senders appealing for immediate action (e.g. click here to support health care professionals, buy unavailable protective equipment, etc.), although at first glance they are for good cause.
Despite the increasing sophistication of today's attack methods, phishing, as a simple to "archaic", is still one of the most commonly used method. The main reason is that it is still not easy to defend against this attack method. There is no perfect tool or monitoring platform to protect forever and reliably your employees from this threat. Even in the technologically advanced times (or because of it), companies must not underestimate the role of the human factor in security. One useful step is to communicate to employees about the possible threat of phishing with an appeal for caution.
Do not hesitate to contact me in case of any questions about this topic - Pavol Adamec, Risk Consulting Executive Director
© 2020 KPMG Slovensko spol. s r.o., a Slovak limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.