The Importance of Cybersecurity During a Crisis

April 6, 2020
In times of crisis, some parts of your organization may be deemed more critical than cybersecurity, but that thinking can leave your systems unprotected. Be aware of your vulnerabilities to keep your system strong.

Due to employer recommendations or orders from federal, state, and local authorities concerning the current COVID-19 outbreak sweeping the globe, working from home has become increasingly common. And in demanding times, many corporate functions which are deemed non-essential are the first to be reduced. In some organizations, cybersecurity tends to be lumped into the non-essential category. If this resonates with you, remember the importance of cybersecurity and good cybersecurity practices are even more critical now than in times of normal operation, even though cybersecurity-related projects may be put on hold.

When there are global emergencies, or other high-profile news, attempts by scammers to compromise systems or accounts through phishing attacks typically trend upwards.

Every person within an organization has information that is valuable to an attacker. People in a technology-related role may receive phishing attempts about computer issues that appear to be coming from others within the organization. These might say that they are having issues connecting to work systems or are having random errors with an image of the error attached. However, these attachments will be malicious attacks that attempt to load keyloggers, other pieces of software, or even attempt to create a remote session to the system. In these instances, the attacker is playing off the employee’s willingness to help others during a time of need.

Employees who are not in a technology specific role are also targeted. Those targeted attempts might not play off the urgency to help someone but rather target the employee’s curiosity.

A phishing attacks may lure the employee in with an email message that can say, “Multiple individuals within the organization have tested positive for COVID-19. Please click the following link to follow live updates of all employees who have tested positive.”

While some employees will recognize this as a serious Health Insurance Portability and Accountability Act (HIPPA) violation and know it is not legitimate, for others, the temptation, or even fear, will be too great to recognize the obvious flaws in the email and will click on the link. And once the link has been clicked and the employee accesses the malicious web page, the attack will have already compromised the system and given the attacker access to any data on their system.

Beyond the increase of phishing attempts, there could also be an increase of active cyberattacks happening around the world during these times as well. With fewer people working either from home or in an office, an attacker could utilize this time to strike an organization. When employees are focused on other tasks, they might skip reviewing logs which may have alerted them to an attack happening on a system. With everyone’s time, effort, and thoughts on items that are deemed more critical to them than cybersecurity, attackers could potentially have much more time and freedom within an organization before they are detected and stopped.

While scenarios like this will not happen to everyone, there is a very real possibility that they will happen to some. In times of crisis—like the one we currently find ourselves in—we may adjust our focus, but we need to make sure we are diligent and mindful of the cybersecurity issues surrounding us. Don’t let distraction lead to vulnerability for your organization.

Brandon Bohle is Manufacturing IT analyst III at Interstates Control Systems, a certified member of the Control System Integrators Association (CSIA). For more information about Interstates Control Systems, visit its profile on the Industrial Automation Exchange.

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...