Many were prepared for a cyber onslaught, while ill-equipped businesses fell victim when COVID-19 hit. Alexandra Leonards explores how the pandemic drove cyber-crime and looks at the UK response to the rise in online attacks.
The disruption caused by an atmosphere of crisis and an influx of workers into home offices has created an online haven for cyber criminals.
Earlier this month, a freedom of information request exposed a 60 per cent increase in the number of email cyber-attacks on UK MPs compared to 2019, while the National Cyber Security Centre (NCSC) reported that more than a quarter of the incidents it responded to this year were COVID-related.
A lot of businesses had taken action early and were up for the challenge. But high-profile cases like a recent debilitating cyber-attack on Hackney Council, which has impacted the borough for weeks, demonstrate how far-reaching and devastating the consequences can be if the right systems, methods and security cultures aren’t in place.
“The criminal element that is driving this kind of crime is as human and as intelligent as anyone else – it recognised that crisis is a fantastic time for successful crime, particularly scams,” says Marc Lueck, EMEA chief information security officer at Zscaler. “The massive rise in phishing you're seeing, COVID-specific phishing and the overall slight uptick of phishing in general, is because they are aware that when an entire nation is thinking of one subject it's really easy to subvert and use that subject to gain a slightly increased rate of success.”
A drive towards working from home has accelerated an already growing rate of cyber-crime incidents. The NCSC points out that because organisations have been increasingly reliant on technology throughout the pandemic, there has automatically been more exposure to online harm.
“Employees working from home with a personal computer or laptop lack the strong network protections that many organisations have set up for an office environment,” explains Lisa Ventura, chief economic officer & founder, UK Cyber Security Association. “In addition, cybercriminals have continued to use creative COVID-themed attacks aimed at catching workers off-guard when they are distracted.”
Prior to the pandemic, credential theft and social attacks were at the root of the majority of breaches, with 67 per cent of cyber-crime fitting into those categories, according to Verizon’s most recent Data Breach Investigations Report.
“A three-month COVID-19 analysis from our Cyber Intelligence and Incident Response team found that this trend is being exacerbated by the growth in home working, with more reliance on log-in credentials from employees and MPs needing remote access,” explains Phillip Larbey, managing principal of investigative response at Verizon Business. “Furthermore, human error was shown to cause almost a quarter of breaches pre-pandemic and the problem is only getting worse.
“As employees faced major disruption, increased workloads as a result of decreased workforces, and of course, for many, the distraction of in-house family members and home-schooling, it is no surprise that more errors leading to data breaches have been reported during the pandemic.”
Verizon Business, the business and government arm of the wider telecommunications company, has also seen cybercriminals using uncertainty and fear around the pandemic to their advantage – with the use of the words “COVID” and “coronavirus” helping to increase the number of victims who fall for their scams.
“A phishing simulation performed on approximately 16,000 people in late March found that almost three times as many people not only clicked on the phishing link, but also provided their credentials to the simulated login page than in similar tests run late last year,” adds Larbey.
How the UK responded to rising cyber-crime
Cyber security is ranked as the top technology priority for businesses. A total of 86 per cent of companies say their focus is keeping users, data and infrastructure secure, according to the latest tech priorities report by Softcat.
But since the pandemic hit earlier this year, has the focus endured?
Rapid transformation to a distributed remote work model at the start of 2020 meant that many businesses had to “give ground” on security to deliver work flexibility at speed, giving cyber criminals an opportunity to attack, says the Softcat study.
However, despite the cumulative security pressures currently faced across industries, Zscaler’s Marc Lueck believes businesses have been very lucky during the pandemic.
“Why we haven't seen the utter disaster that we could have seen had this just happened without preparation, is that for the past three or four years we've been seeing people spending time, effort, and increasing budget on what I’m going to call ‘security culture’,” he says. “Security culture is about figuring out ways of actually injecting security into the thinking and conscious brains of workers.
“Because we've been spending quite a lot of time on this, we've actually benefited from it at the time when we most desperately needed it.”
Although MPs have been experiencing nearly three million email cyber-attacks every month, compared to around 1.7 million the same time last year, the government has managed to block each and every one. That’s because it enabled domain-based message authentication, reporting and conformance (DMARC) across all gov.uk domains.
DMARC helps to authenticate an organisation’s communications by blocking fraudulent or malicious emails that spoof email addresses run by government departments.
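As an added illustration (not part of the original article, and not the government's own tooling): a domain publishes its DMARC policy as a DNS TXT record at `_dmarc.<domain>`, and only `p=quarantine` or `p=reject` asks receiving servers to act on mail that fails authentication. The sketch below audits record strings for gaps that would leave spoofed mail unblocked; the sample records and addresses are constructed.

```python
# Added example: audit DMARC TXT records (RFC 7489) for enforcement gaps.
# All records and addresses below are constructed samples.

ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict; raise ValueError if invalid."""
    tags = {}
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for i, part in enumerate(parts):
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = (s.strip() for s in part.split("=", 1))
        name = name.lower()
        if i == 0 and (name != "v" or value != "DMARC1"):
            raise ValueError("record must start with v=DMARC1")
        tags[name] = value
    if "p" not in tags:
        raise ValueError("missing required p= tag")
    return tags

def audit(txt):
    """Return a list of findings; an empty list means the policy is fully enforced."""
    try:
        tags = parse_dmarc(txt)
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError as exc:
        return [f"invalid record: {exc}"]
    findings = []
    policy = tags["p"].lower()
    subdomain_policy = tags.get("sp", policy).lower()  # sp inherits p when absent
    if policy not in ENFORCING:
        findings.append(f"p={policy}: receivers are asked to take no action on failing mail")
    elif subdomain_policy not in ENFORCING:
        findings.append(f"sp={subdomain_policy}: subdomains are not covered by enforcement")
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, so spoofing attempts go unseen")
    return findings

SAMPLES = {  # constructed records
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org",
    "monitor-only": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.org",
    "partial": "v=DMARC1; p=quarantine; sp=none; pct=25",
    "broken": "p=reject; v=DMARC1",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, "->", audit(record) or "OK")
```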
With the government last year announcing a two-year programme dedicated to building cyber capabilities and reducing risk facing staff, it was already prepared for what was to come.
Cyber-crime is not a brand-new problem, so technological solutions have been in place for a while. This has ensured many industries and businesses have not fallen apart.
However, Ian Pratt, global head of cyber security at HP Personal Systems, is not so optimistic about the existing state of cyber security.
“Incremental innovation in security is failing to disrupt threat actors, so a new approach to security is needed that builds in protection from the hardware up,” he says. “Hardware-enforced technologies, like micro-virtualisation, can help protect users and leave malicious actors with nowhere to go and nothing to steal, while also collecting vital threat intelligence to protect the business.”
Keeping a step ahead
As we look ahead to at least another few months of closed offices and employees working from their bedrooms, it’s clear that those who didn’t get it right the first time must implement better techniques and tools. Meanwhile, those that survived the cyber onslaught must continue to remain a step ahead of increasingly sophisticated cyber criminals.
If they haven’t already, organisations should consider shifting to a protection-first model, adding virtualisation into layered defences.
“This means executing ‘risky’ workloads – like opening email attachments, clicking on links, or downloading files – within hardware enforced micro-VMs (virtual machines), isolated from the rest of the device or network,” says Ian Pratt, HP Personal Systems. “This way, it doesn’t matter if a document or web page is riddled with malware, because the hacker has nowhere to go, nothing to steal and no way to persist; this means users can go back to their day jobs and click with confidence.”
Moving forward, Verizon Business’ Phillip Larbey says that business leaders must work with HR departments to develop and execute team-engagement plans.
“Team members should be encouraged to become subject matter experts in an area new to them and have the ability to facilitate information sharing with the rest of the team,” he explains. “The next stage of this is engaging in a clear dialogue with security teams; if the security team isn’t getting involved at the start of a major business initiative, or if the line-level managers have a ‘neutral’ (or worse) relationship with the security team, it’s unlikely that the organisation as a whole will achieve its strategic objectives.
“As we approach 2021, it is vital to identify key stakeholders and learn more about their perspectives on cybersecurity; organisations should look to teach security program influencers about the value of inviting security into their strategic planning at the start, rather than in the days leading up to launch.”
To protect remote workers, businesses must ensure they have sound security protocols in place.
“Best practices, such as two-factor authentication and endpoint security, are important, but ideally they should be setting up 24/7 monitoring, with use cases for VPN and cloud monitoring, to detect cyber threats before they can cause damage to their organisation,” explains Lisa Ventura, UK Cyber Security Association.
For better or for worse, coronavirus has ensured cybersecurity remains a top priority for most businesses. Those that don’t recognise how important it is to get it right will likely face some unwelcome consequences.