Blog
← Back to Blog
July 15, 2020 cybersecurity

The Pandemic Made Cybersecurity Worse. Here Are the Numbers.

Pandemic impact on cybersecurity

Six months into the pandemic, the cybersecurity data is in, and it's grim. COVID-19 didn't just disrupt healthcare and the economy. It created perfect conditions for cybercriminals. Let's look at the numbers.

The Data

  • Ransomware attacks up 150% compared to the same period in 2019
  • Phishing emails up 600% since February 2020
  • Healthcare sector attacks up 150%, making it the most targeted industry
  • RDP brute-force attacks up 400% as organizations exposed remote access
  • Average ransomware payment: $178,000 (up from $84,000 in 2019)

Why the Pandemic Made Everything Worse

Expanded Attack Surface

Millions of employees went remote overnight. VPNs were deployed hastily. RDP was exposed to the internet. Personal devices accessed corporate data. The attack surface expanded faster than security could keep up.

COVID-19 Themed Lures

Pandemic fear created the perfect social engineering environment. Emails about stimulus checks, PPP loans, COVID test results, CDC guidance, and vaccine information all served as effective phishing lures. People click when they're scared.

Reduced Staffing

IT teams were stretched thin managing remote transitions. Security monitoring took a back seat to "just make it work." Patches were delayed. Alerts went uninvestigated. The defenders were overwhelmed.

Healthcare Under Siege

Hospitals and healthcare organizations, already stressed by COVID patients, became prime ransomware targets. Attackers correctly calculated that healthcare organizations under extreme pressure were more likely to pay quickly.

Notable Incidents in 2020

  • Universal Health Services: 400 facilities hit by Ryuk ransomware. Operations reverted to paper for weeks.
  • Garmin: Paid a reported $10 million ransom after WastedLocker encryption.
  • Numerous hospitals: CISA issued alerts about imminent ransomware threats to healthcare.
  • COVID research: State-sponsored actors targeted vaccine researchers at multiple institutions.

What to Do Now

  1. Audit your remote access. Is RDP exposed? Is 2FA enabled on all remote access points? Are VPN connections encrypted and logged?
  2. Refresh phishing training. Your staff has been bombarded with COVID-themed phishing for months. Conduct a phishing simulation to assess current awareness.
  3. Verify backups. Ransomware payments are up because organizations either don't have backups or their backups are compromised. Verify yours are isolated and current.
  4. Patch now. The vulnerabilities being exploited are known. The patches exist. Apply them.
  5. Review cyber insurance. Does your policy cover pandemic-related incidents? Is the coverage amount adequate given increased ransom demands?

The pandemic will end. The cybersecurity consequences won't. The attack patterns established during COVID-19, targeting remote workers, exploiting healthcare, and weaponizing fear, are permanent additions to the threat landscape.