Business cyber threats increase as criminals use the coronavirus as bait

09 April 2020 3 min. read
More news on

Professional services firm KPMG in Saudi Arabia has warned of an increase in malicious cyber-activity, as online criminals seek to exploit the global coronavirus pandemic.

Predatory pricing on products such as hand sanitizer may be one thing, but a more sinister threat has emerged during the global coronavirus pandemic, with malicious cyber-actors upping their number phishing, online scams and malware attacks in an effort to exploit workplace disruption and the rise of remote working together with the necessity of new communications technology.

Notably, there has also been an increase in attackers employing the virus itself as bait, aimed at tapping into fear, uncertainty, an increased in online activity during isolation and potentially lowered guards, with KPMG Saudi Arabia noting the rise in malware cases installed via Covid-19 heat-maps and social media campaigns. Already, the vast majority of cases stem from opening emails.

For business, the threat is significant. In Accenture’s most recent Cost of Cybercrime report, the firm pegged the average cost of cybercrime in 2018 at $13 million, with the average number of attacks growing to 145 and displaying an increasing level of sophistication. In the Middle East, Iran has also been identified as a growing hotbed of activity, with Saudi Arabia in its sights.

In light of the rising threat, KPMG has urged companies to take steps to bolster cybersecurity in the COVID-19 era, stating that with the increased use of remote technology and employees working from home it’s crucial that cybersecurity is included in any contingency planning and has the attention of the Board. The first step, ensure employees know how they can work securely and safely. 

Business cyber threats increase as criminals use the coronavirus as bait

Employees should also be aware of how they should handle situations if they have and doubts, and know the protocols in place in the event of an incident. Next, businesses should ensure their helpdesks are fully operational, and that that the entire workforce is being extra vigilant for phishing emails or whaling – the latter which describes phishing attacks that specifically target the CxO level.

Key is that both Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) are included in business decisions related to the crisis, such that they become a valued part of the crisis management organisation – “as security measures will be challenged or relaxed during the crisis.” Above all, the firm states, think in solutions rather than as to bottlenecks.

“Organisations that want to protect themselves from these types of crisis must be sure to incorporate these types of scenarios in their periodic risk assessments at board and operational level,” states Ton Diemont, KPMG’s Head of Cybersecurity in Saudi Arabia, adding as to any investments made to avoid or reduce the risk: “No one can deny that the likelihood of this threat is insignificant.” 

Diemont continues, concluding: “While the Covid-19 pandemic will significantly impact businesses, the current view of, unfortunately, most senior management is that cybersecurity is merely seen as a cost center rather than a business enabler or business saver. Hence, cybersecurity is critical to collective resilience and must be considered foundational.”