Cyber-security and COVID-19

Cyber-crime is rising due to greater sophistication and the implementation of COVID-19-prevention methods, according to experts speaking on a British Chamber of Commerce in Japan webinar on July 9.

Representatives of Nihon Cyber Defence (NCD), a Japan-based global cyber-defence firm protecting national infrastructure and organisations against cyber-attack, discussed how the cyber-security landscape is changing and what organisations can do to protect themselves.

John Noble CBE, senior advisor at NCD and non-executive director of NHS Digital, said the volume and sophistication of cyber-attacks by specialist crime groups and nation states is growing worldwide, despite international information-sharing to combat the problem.

Japan has long been an attractive target because of its global leadership in Bitcoin and virtual currency, but the impact of cyber-attackers has been limited due to the poor Japanese language used in attacks aimed at Japanese nationals.

Now, however, cyber-attacks are “increasing exponentially” in the Japanese market, said Cartan McLaughlin, chief executive of NCD, pointing to a United Nations report showing that half of the $4bn of virtual currency stolen worldwide in the past 5–10 years was from Japan.

McLaughlin has been alerted to more cases of business email compromise, a security exploit whereby an employee with access to company funds is convinced to transfer money to a bank account controlled by the attacker. Evidence shows that Japanese speakers are being recruited for such cyber-crime, he said, noting that if the language used in attacks is natural, recipients are more likely to click a link or open an email. Japan is also seeing a rising number of cases of ransomware to target those with sensitive data.

Yet awareness about the growing threat remains low in Japan, with much cyber-security effort going into educating organisations. Tomomi Aoyama, UK head of business development at NCD, believes this is because there is a “clear gap between how Japanese perceive risk and how others perceive risk.” Due to Japan’s history with natural disasters, like typhoons, there is a perception that risks cannot be avoided, or that Japan, as an island nation, is somewhat protected, she said.

Aoyama busted the myth that cyber-attacks have purely fiscal consequences. A recent attack on a control system, for example, left it unable to gauge safe water pressure, showing that an organisation’s safety, infrastructure and business continuity can be affected, even if a system is not connected to the Internet.

Impact of COVID-19

Due to steps to curb COVID-19, the world has become even more dependent on digital systems, thereby increasing the level of cyber-risk and the prevalence of cyber-attacks.

Noble shared that ransomware is becoming more problematic; specialised criminal groups and nation state APTs (Advanced Persistent Threats) are targeting organisations and their supply chains. With the increased risk—and increased impact of a breach amid the COVID-19 crisis—more steps are being taken to protect critical systems and data, particularly within the UK’s National Health Service.

APTs appear to be “actively using cyber to further their response to COVID-19 and undermine other nations in their response,” he said. They are also “very aggressively” attacking academic institutes and private companies to access data related to vaccine research, as well as levels of infection in populations and country responses to the pandemic.

Teleworking has also “created doors into corporate networks” for cyber-criminals, said McLaughlin, adding that, in desperation to get staff working from home during Japan’s state of emergency, firms may have ignored policies they would have implemented had they been at the office.

“We have to readjust our thinking about how we operate remotely and what challenges it places on our security, risk profiles, policies and home-working networks,” he said.

Aoyama added that organisations have implemented “a lot of ad hoc changes to adjust to the new environment.” She called on attendees to keep adapting their security approach to ensure they keep up with “the new normal.” Without colleagues nearby to consult when faced with a potential attack, teleworking staff need more encouragement to reach out to their IT department for help or to make a report.

Tips to stay secure

The UK National Cyber Security Centre’s “10 steps to cyber security” was cited as a good starting point for organisations seeking to protect themselves in cyberspace.

Other takeaways include using a minimum of two-factor authentication when accessing a company IT system or a key email account. Organisations should continually assess and update their cyber-security. A system for confirming payments, so staff know what to do if they receive a business email compromise would also be beneficial, as would reinforcing existing policies about reporting of breaches or unusual activity.

Vital data should be backed up offline, but Noble said organisations should task experts with migration to the cloud. He pointed out that “basic configuration errors are the primary reason for cloud-related breach,” which accounts for a large number of all cyber-breaches.

Governments, firms and other organisations should also share any intelligence they have about cyber-incidents, to ensure proper forensic examination of threats, tactics and so on.

“Information sharing is important; it’s what hostile actors fear most. They rely on the fact that the victim won’t tell others for fear of being seen as unsecure but, by sharing, we can all help stop these attacks in future,” said Noble.