Hackers find opportunity in pandemic, work from home setups
Photo | Grant Welker
Worcester homes
The very nature of work has changed for millions of people in the last seven months as the COVID-19 pandemic has blurred the lines between home and work, and employees have increasingly relied on their own technology and internet connections to carry out their jobs.
But as much as things have changed for many workers, it has been largely business as usual for the hackers who try to make a living by exploiting cybersecurity vulnerabilities. They're still out there and they're taking advantage of the pandemic to inflict greater damage, Stephanie Helm, a former U.S. Navy captain who serves as director of the MassCyberCenter at the Mass Tech Collaborative, said.
"Some things have not changed and those things are the hackers strive to lure people into clicking on a link of some sort that would allow them to download malware. So that was even happening when you were in the office traditionally. When you were at your desk, there would be a phishing attempt to try to get you to click on a link so they could get past your firewall," she said. "So those hackers are still out there and that part has not changed."
And now, with a lot of the work being done on personal laptops and residential internet connections, employees are responsible for taking on some cybersecurity functions that were likely handled by someone else in the physical office, like keeping anti-virus software up to date and installing the latest security patches, Helm said. To help, the MassCyberCenter earlier this month launched a public service campaign to provide tips for safe remote work.
Helm spoke with the News Service during Massachusetts Cybersecurity Month, which coincides with national Cybersecurity Awareness Month during October. She said hackers are taking advantage of the fear around COVID-19 and the uncertainty over the future path of the pandemic to make their phishing campaigns -- in which a hacker attempts to get someone to click on a malicious link masquerading as something relevant -- even more successful.
"It's sort of like they smell uncertainty in the air and they're taking advantage of it," Helm said.
From the end of February through late March, as the pandemic really ramped up in the Northeast, COVID-19-related phishing attacks increased 667 percent, cybersecurity company Barracuda found. That spike led the FBI to warn of pandemic-related phishing attacks and fake emails purporting to be from the U.S. Centers for Disease Control.
Last month, the review site Safety.com said Massachusetts ranked 10th among states in terms of the financial impact of cybercrime. The site said it used data from the 2019 FBI Internet Crime Report and found that Massachusetts residents lost almost $84.2 million to cybercriminals that year and that the average loss of $12,966 per victim was fourth highest in the nation.
"I am sympathetic that there are a lot of requirements competing for people's attention but these cyber hackers don't take off because we're struggling with a health crisis or trying to get kids to go to school from home and have access to Zoom," Helm said. "They're taking advantage of our reliance on it, on the technology, and that's how they're getting richer and getting more successful and more aggressive in their cyber attacks."
But that same reliance on technology, Helm said, might help people better understand the importance of cybersecurity.
"I think people have grown to realize they're able to do so much today because they have technology that is safe and secure and allows them to bank from home or to call a loved one," she said. "I think everybody realizes it is a precious resource that we have to protect."
In Massachusetts, the cybersecurity industry devoted to protecting the technology that people and businesses rely upon is made up of more than 175 companies. A year ago, there were 9,000 open cybersecurity field jobs in Massachusetts, Helm said. In the last year, that number has grown to roughly 14,000, she said.
"We're looking for talent all the time. The companies that build services or technologies are looking for people that can think innovatively and have good technical skills, but there's a lot of the cybersecurity industry that is also looking for someone that can communicate well with customers to explain problems," she said.
Helm said that Gov. Charlie Baker proclaimed October to be Massachusetts Cybersecurity Month to celebrate the industry here as well as to bring awareness to cyber risks. She said that cybersecurity firms in Massachusetts "kind of took an initial hit" early in the pandemic, but the sector has rebounded and is performing well.
"The cybersecurity companies found that people are relying more on technology and people are willing to have services that can guarantee the integrity and security of their system," she said. "So the future of the cybersecurity industry, I think, is very bright."
WBJ Web Partners
Most Recent
Most Recent
0 Comments