Many Delawareans are forced to work from home during the COVID-19 pandemic. That means more computers and work emails are vulnerable to cyberattacks.
The Delaware Department of Technology and Information (DTI) says it’s seeing a spike in threats during the outbreak.
DTI Chief Security Officer Solomon Adote said the increase in threats is due to many businesses and organizations being unprepared for many employees working from home for extended periods. That includes workers using personal computers and less secure connections than they’d have at their workplace.
“Most companies can’t afford to give each one of them their own personal computers,” Adote said. “They can’t afford to provide their most secured remote access process for them. So, if we look at what is going on right now, companies are significantly increasing their risk scope beyond what they ever had to do before.”
Hackers are using phishing emails and malware to retrieve information. Adote said they have been a significant source of threats because they can easily compromise email accounts.
“When you look at our web attacks, we see an increase in traffic. But a lot times that is a lot more difficult for a non-expert level attacker,” Adote said. “When you talk about these phishing or malware you can just buy it or download it and email it. They bypass most companies’ security controls which is what makes them more scary.”
Video conference sessions like Zoom are frequently targeted. Adote said public school classes were forced to stop because of the attacks.
“These attackers are taking control these sessions and they’re doing anything they can to disrupt those sessions,” Adote said. “What it is even worse is now they’re leveraging those sessions to steal critical information like your username and password.”
The risk levels remain high across the board during the pandemic, but no industry is targeted more than the healthcare industry because it’s a critical part of the infrastructure in the United States. Also, valuable information such as medical and financial records is stored within the industry.
ChrisitianaCare Chief Security Officer Anahi Santiago has monitored cyber threats and attacks since March and said activity has accelerated at an unprecedented pace since March in response COVID-19.
“These are the magnitude of COVID and the fear that it has generated across world,” Santiago said. “It has created a great opportunity for these threat actors to be able to setup websites that mimic COVID information.”
ChrisitianaCare has adjustments by using security tools to block phishing emails and expanded its monitoring systems to its remote workers.
Remote workers using personal rather than computers are advised to update their software and work with their providers to secure their internet access.
Victims are encouraged to report any attacks to the DTI.
