While healthcare professionals, government leaders, and countless others have tirelessly worked to see us through the COVID-19 pandemic, the world’s cybercriminals have been just as busy doing harm. In fact, according to a new report from BAE Systems Applied Intelligence, “cybercrime has experienced a massive uptick of 74 percent among banks and insurers alike since the COVID-19 pandemic began.” That said, as we now return to some level of normalcy, it is more important than ever to safeguard precious assets, especially personal/consumer data, from malicious activities, and ultimately, financial loss.

The report, entitled the COVID CRIME INDEX 2021 REPORT, focused on financial institutions and their customers over a one-year period, March 2020 through March 2021. Interestingly, it found that “upheavals caused by the pandemic have highlighted openings and insecurities in financial institutes’ networks, creating opportunity for fraud, risk, and cyberthreats.” Further, the report states that the situation “has been exacerbated by cuts of 26 percent to IT security, cybercrime, fraud, and risk department budgets at large, and personnel reductions of IT security teams among more than a third of those [902 organizations] surveyed.”

Contributing to the dramatic uptick in cybercrime during the COVID-19 pandemic are factors such as: 

  1. A remote working model, resulting in less security overall and reduced visibility of potential security gaps
  2. Highly targeted (individualized) scams, email hoaxes, and text/SMS attempts
  3. Increased online shopping, leading to more exposure and, therefore, more security vulnerabilities

And the numbers published in the new report tell it all. 

  • An average of $720,000 has been lost by U.S. and UK banks and insurers over the report period, with 56 percent of those institutions reporting an uptick in financial losses
  • Among consumers, 20 percent have been targeted via email, text or SMS
  • On average, cybercriminals are making off with somewhere between $743 and $1,100 a pop (ouch!)

So, while life as we know it may slowly be returning to normal, or at least the “new normal,” it’s clear that cybercriminals never missed a beat during the global pandemic. On the contrary, they saw it as a great opportunity to cash in. And not just from the financial institutions and insurance companies referenced in BAE’s COVID CRIME INDEX 2021 REPORT, but from healthcare facilities, government agencies, and others as well.

Months back, as shared in a previous BOLDplanning blog post, even the U.S. Department of Health and Human Services and the World Health Organization were targeted by hackers in unsuccessful but ongoing attacks. So too were health agency websites, including that of the Champaign-Urbana Public Health District in Illinois. The ransomware attack it suffered left the agency’s website offline for several days, severely limiting the ability of health officials to communicate with the public at the worst possible time.

As a reminder, mitigation and preparedness are key to preventing, addressing, and overcoming cybersecurity events. Take the usual precautions of using the latest antivirus/antispyware software available, and keeping applications and operating systems current. Also, adopt a formal internet use and email policy, and train employees in basic cybersecurity principles. Last, but certainly not least, have a plan of action just in case your organization, public or private, becomes the next victim of a cyberattack.

With 10,000+ plans under its belt, BOLDplanning is the preeminent developer of online software for Emergency Operations (EOP) plans, Continuity of Operations (COOP) plans, and Hazard Mitigation plans. The company’s team of experts is also well-versed in facilitating HSEEP-compliant exercises to help ensure organizational preparedness for cyberattacks, natural disasters, and other business disruptions.