The increased use of cloud services and smart personal devices in the remote workplace is a phenomenon born of our universal, nearly overwhelming desire for convenience that arose during the pandemic. Convenience for the employer, and convenience for the employee.
This powerful desire for convenience has created compelling new opportunities for hackers, as demonstrated by the growth of cybercrime in the pandemic.
COVID Impact on Cybercrime
The FBI’s Internet Crime Complaint Center witnessed a 300% increase in cybercrime in a single year due to the COVID pandemic.
Prior to 2019, the year the pandemic was first reported in the U.S., the Internet Crime Complaint Center received roughly 1,000 cybercrime complaints each day. In 2020, volume jumped to an average of 3,000 to 4,000 reports per day.
That sizable spike represents the work of hackers, both domestic and international, quickly seizing new opportunities created by the pandemic. They took advantage of our increased online activity as we began to work remotely, as we used our personal devices more frequently for work, and as we visited websites and downloaded materials in unprecedented numbers.
For the most part, these new activities were driven by our growing desire for more convenience in our online undertakings as we languished, and worked, at home. In retrospect, this powerful drive for greater online convenience has come at quite a cost.
#1: The Cost of Cloud Vulnerabilities
As we began to work remotely during the pandemic, our use of cloud services and cloud-based applications surged. And so did associated security vulnerabilities, due in part to cloud app developers’ rush to meet demand. In fact, cloud vulnerabilities increased 150% according to a 2021 IBM Security Report, which also noted that more than half of the 2,500 known cloud-related vulnerabilities were found between 2019 and 2021, the peak years of the pandemic.
This phenomenon caused cloud security to become a high-growth segment of the overall cybersecurity market. Gartner reported growth of $595 million in the cloud security market in 2020, rising to $841 million in 2021, a 41% increase in just one year.
More than 90% of nearly 30,000 data breaches analyzed in Verizon’s 2021 Data Breach Investigations Report were caused by the exploitation of web application vulnerabilities. 90%! Downloading web apps from various cloud sources became a popular pastime during the pandemic and remains so today, despite ongoing security risks. According to Check Point Research, in 2021 employees downloaded malicious mobile apps in 46% of organizations.
As part of its research into cybercrime in the pandemic, IBM found a thriving market for credentials enabling public cloud access. Tens of thousands of cloud accounts were found available for sale on the dark web, with 71% offering remote desktop protocol access to provide hackers with convenient direct access. In some cases, according to the report, access credentials for cloud environments were available for just “a few dollars” on the dark web.
Many resources are available in the cloud for our professional and personal convenience, and these mushroomed during the pandemic. Unfortunately, and despite its strong market growth, cloud security has not yet caught up with our demand for cloud conveniences. Unprotected or lax use of cloud resources continues to pose a significant risk to our home systems and thus to our employers’ systems.
#2: The Cost of BYOD Exploitation
Between shelter-at-home protocols and the widespread popularity of remote work during the pandemic, mobile phone use increased substantially. A year into the pandemic, Statista compiled research regarding changes in our use of various internet-connected or smart devices. While usage grew across all device categories, four categories experienced increases of 30% or more, as follows:
- Smartphone/mobile phone usage increased 70% worldwide, and 40% in the U.S.
- Laptop computer usage increased 40% worldwide, and 37% in the U.S.
- Desktop computer usage increased 32% worldwide, and 23% in the U.S.
- Smart TV and media streaming service usage increased 30% worldwide, and 29% in the U.S.
The top three categories above reflect a clear and substantial rise in the bring-your-own-device (to work) trend.
With most employees working from home during this time, employers allowed them to use their personal home-office computers, smartphones, and mobile phones for work purposes. This relaxed policy, born of necessity during the early pandemic, presented opportunities for hackers to access company systems and data through poorly protected personal devices and casual work-from-home behaviors.
As a result, data breaches caused by the exploitation of smart devices more than doubled in just a year, increasing from 639 million in 2020 to over 1.5 billion in 2021, according to global security corporation Kaspersky.
As the volume of smart devices and their usage continues to grow, the attack surface will continue to expand. And BYOD vulnerabilities will continue to be exploited until better security is implemented for personal devices and home systems.
#3: The Cost of Remote Work
While once thought to be a temporary response to the pandemic, working from home is becoming a permanent model for many organizations. However, home offices will pose greater opportunities for hackers as long as they continue to fall outside the corporate security perimeter. Until corporate cybersecurity measures are put in place and home offices are treated like company offices, most remote workers will use residential-grade computer security software (if they use any at all) and maintain their poor cybersecurity habits.
In a company office, the use of company-approved software and other approved technologies and tools is easy to enforce. Not so much in the remote work environment, where employees may not have access to the tools they need, may not have current software updates, or may decide to choose their own resources based on personal preferences.
In addition, remote workers faced with suspicious emails or pop-ups lack the handy resources of the old company office, where they could easily ask a manager or local IT employee for verification. With the increasing popularity of phishing exploits among hackers, remote workers remain particularly vulnerable. Other vulnerabilities in the remote work environment include the use of weak passwords, the duplication of login credentials across accounts and websites, and similar lax user behaviors intended to increase individual convenience online.
All of these scenarios create easy opportunities for hackers. At the height of the pandemic, in 2021, three exploits were responsible for most data breaches. Stolen or compromised credentials accounted for almost one fifth (19%) of all data breaches. Phishing exploits were responsible for another 16%, followed closely by misconfigured cloud services at 15%, according to IBM’s 2022 Cost of a Data Breach Report.
Remote work also had an impact on the cost of data breaches during the pandemic. Before remote work became the norm in late 2020, the average cost of a data breach was $3.86 million. With the rise in remote work late in 2020 and its attendant risks, by 2021 the cost of a data breach had spiked to $4.24 million, per the IBM Report. Research by the Ponemon Institute, which collaborates with IBM on data breach cost analyses, found that the simple fact of employing a remote workforce added almost $150,000 to the expense of remediation alone—to say nothing of increases in the numerous other costs associated with a data breach.
Summary
Cybercrime in the pandemic increased on several fronts due to our desire to make working at home as convenient for ourselves as possible. Cybercrime thrived on our avid use of cloud services and easy mobile app downloads. Hackers exploited the sharp rise in our use of smartphones, laptops, and desktops in a permissive BYOD environment. Working remotely encouraged casual online use and lax security protocols, especially in the early days of the pandemic. Annual research reports from a variety of reputable sources demonstrate the substantial impact of these behaviors on the volume, types, and cost of pandemic-era cybercrime.
Employers continue their efforts to wrap tighter security around remote workers’ online activities in order to protect not only their employees but the company and its stakeholders as well. Until they are able to do so effectively, cybercrime numbers are likely to keep climbing.