Work from home revolution during coronavirus pandemic powers spike in cybercrime, new PwC report says
Our work from home revolution has powered a spike in cybercrime, costing consumers more for everyday products and dragging billions of dollars out of the economy.
“The attackers have taken advantage of the situation,” said Nicola Nicol, partner at consulting firm PricewaterhouseCoopers (PwC).
“Attackers have started to look to take advantage of employees who are working from home and perhaps not thinking about security in the same way they would do in an office environment.”
Breaches cost companies an estimated $7.6 billion in the last financial year as COVID-19 forced employees out of skyscraper towers, suburban offices and factories.
And experts expect the eye-watering impact to rise.
“That’s a significant number and really in a lot of that cost there needs to be passed onto the consumers through increases in the price of products and services,” Ms Nicol said.
“And we are seeing an expectation that attacks will continue to increase.”
The need to stop the spread of coronavirus forced millions of employees — particularly computer-bound office workers — to work from home in March and April.
Victoria represents a quarter of the economy and the directive from health officials remains the same as it was then: if you can work from home, you must.
The months between April and June saw a 65 per cent increase in cybersecurity incidents, according to PwC’s 2021 Global Digital Trust Insights survey of thousands of business, technology and security executives from large companies.
Workers swap secure servers and buildings for kitchen tables
An astonishing number of employees moved quickly this year from working on computers linked to secure servers, inside buildings protected by pass cards and gates, to performing vital business roles from their kitchens and bedrooms.
That shift was always going to be an opening for malicious and opportunistic cybercriminals, according to University of Melbourne senior lecturer in computing and information systems Suelette Dreyfus.
“You’ve got IT departments in big organisations … they used to have a thousand people in a downtown office,” Dr Dreyfus said.
“Now they’ve got a thousand people they’ve got to manage at kitchen tables from Wagga to Wonthaggi.”
The difficulty is not limited to the greater opportunity for hackers and criminals. It also lies in the dispersed pool of workers and the spread of devices and connections accessing valuable business information that was previously held on much tighter terms.
“You’ve got many more ‘BYO devices’, home devices, little Angus who’s 15 years old who’s been on that device playing games that he’s downloaded from the internet — and God knows what else,” Dr Dreyfus said.
“You have problems people using their wi-fi from home maybe they haven’t updated the firmware on their wi-fi devices for five years — that’s a security risk.”
The threat of cybercrime is not isolated, or cheap.
In June, the Federal Government announced a to boost the cybersecurity capabilities of the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC).
More than half of malicious attacks conducted by financially motivated criminals
And cybercrime is not perpetrated by curious teenage ‘hackers’ breaking into computer systems for thrills.
“International industry research actually shows that more than half of malicious attacks are financially motivated,” said Dr Dreyfus, who in 1997 wrote the first major book about hacking in Australia with WikiLeaks’ founder Julian Assange.
“These are professional criminals.”
In the past year, ransomware attacks have , logistics company Toll, Service NSW, , money management company MyBudget and the hot strip mill of .
Attacks even shut in February.
Ransomware is malicious software that goes inside existing computer networks. Once in, it steals information from your computer and demands a fee for it to be returned or stops the system from working until a ransom is paid.
Attacks on cloud-based services, ‘disruptionware’ slamming critical systems and disinformation caused by deep-fakes — almost flawless digitally faked videos and images — are the issues survey respondents expect to hit most frequently in 2021.
Ransomware attacks and state-sponsored attempts to harm critical infrastructure are also considered ‘likely’.
PwC’s Ms Nicol said the cost could be put in stark perspective: if we did not have to spend this money on cyber-incidents, our gross domestic product could be 1 per cent higher.
The firm’s figures do not take into account the impact of cybercrime on individuals, such as identity theft, rental scams and fraudulent services that impersonate government agencies.
What you can do to make yourself cyber-safe
The good news is that the surveyed organisations expect to spend more money and pay more attention to the problem.
The better news is that it is cheap, often free, to better protect your business and personal accounts.
Dr Dreyfus suggests some simple steps:
- Have ‘full disk encryption’ (FDE) turned on
- Always have a passcode on your phone
- Use two-factor authentication, for example requiring a text message to your phone to get access to social media accounts on your computer
- Get password manager software
- Update your software regularly
“And don’t reuse passwords,” she said.
“That’s a bad idea.”