Address Cybersecurity Risks Due to COVID-19 in Small Business Environments

Justino Lourenço, Fernando Almeida
Copyright: © 2022 | Pages: 13
DOI: 10.4018/IJCRE.309687

Abstract

COVID-19 affects people and companies. They are experiencing dramatic changes in work processes, communication processes, and customer management. This whole new paradigm has brought new challenges to organizations, particularly to small and medium enterprises, which have limited budgets and resources to ensure their technological infrastructure. This study aims to explore how these companies have adapted to the challenges posed by COVID-19 in their compliance practices with the General Data Protection Regulation (GDPR), auditing, and forensic security analysis. Furthermore, this study analyzes the risks that have been amplified in this period and identifies new vulnerabilities that have arisen from increased dependence on information technology in a period when most organizations have their employees teleworking.

Introduction

Crisis scenarios are traditionally times when cybercrime is on the rise. Hostile cyberspace actors, as recognized in Backman (2020), tend to take advantage of these phases to carry out cyberattacks because of the media attention given to a particular topic. The current pandemic associated with the spread of COVID-19 has been no exception. Under cover of this media attention, cyber attackers have increased their activity. Muncaster (2020) reports that the number of threats in cyberspace has increased about six times since the beginning of the pandemic, and its effects have been notorious in many companies in daily activities like remote working and the use of collaboration tools (Grustniy, 2021). Cook (2020) states that the business sectors most affected have been healthcare, financial sectors, energy, and government sectors.

The security vulnerabilities of companies due to telework increase the chances of success of an attack. Many of the techniques used by hackers are quite easy to implement and essentially take advantage of the low computer literacy of some of the companies' employees. The urgency to create a teleworking environment was also a driver of these attacks, as there was no time to properly analyze the security risks of these platforms or to provide the necessary training to employees. Rogers (2020) points out that there is currently a high dependency on the Internet, and although some institutions already have workers used to traveling and accessing the company remotely, there are many companies that do not. In these cases, even if the number of employees with inappropriate behavior is small, their impact is magnified in the case of cyberattacks, and the whole company is compromised.

Any person and any company could be the target of a cyberattack. Furthermore, people and companies are more vulnerable in times of uncertainty. Cooper (2020) recommends that people should ideally have separate devices to access the Internet. One would be dedicated only to connecting to the company's working system using a virtual private network, and another to the remaining personal activities. Moreover, it would be desirable for companies to have security operations centers that monitor activity on the network (Onwubiko, 2015). This ideal scenario is far from being achieved, especially by small businesses and micro-companies (i.e., those that employ fewer than 10 people). The number of electronic devices that people have at home with an Internet connection is limited, and often the same device is shared by several people to access several applications simultaneously. Additionally, in this time of high instability, people tend to look for more information related to COVID-19. This is, according to Anderson et al. (2020), an area that has been explored by hackers.

Since the beginning of the year, and as COVID-19 has spread around the world, there has been a very significant increase in several types of attacks, such as phishing, malicious domains, malware, and ransomware (Desai, 2020; INTERPOL, 2020). The studies carried out so far have been developed by government security offices and IT security consultants who explore the impact of the increase in these attacks on the lives of people and companies. However, these studies do not explicitly focus on small business environments, nor do they offer a level of granularity that would reveal the nature of these attacks. This information would be relevant to understand in depth the vulnerabilities sought by these attacks and, through this knowledge, it would be possible to propose mitigation measures that are feasible to be adopted by small and medium enterprises (SMEs).

This study is organized as follows: Firstly, a conceptual and contextual analysis of the types and categories of cybersecurity attacks, and the main vulnerabilities emerging in the corporate environment, is performed. After that, the study methodology and associated methods are outlined. Next, the results are presented, and the discussion considers their relevance and possible forms of mitigation. Finally, the conclusions are presented and some themes for future work are suggested.
