-

Exploiting the pandemic

""

Exploiting the pandemic:

The growing threat posed by cyber criminals

05 June 2020

5 minute read

Cybercrime flourishes in times of uncertainty. With stress levels high, normality on hold and operations stretched, cybercriminals are on the hunt for easy targets. We look at what the risks are for you, your family and your business.

“The World Health Organization recently announced a 500% increase in scams associated with COVID-19,” says Paul Dwyer, CEO, Cyber Risk International. “The parallels to the virus itself are remarkable. Cybercrime is spreading like a digital cough as criminals exploit the opportunity of individuals being distracted and life being conducted abnormally.”

Even those who considered themselves tech savvy have been bowled over by the explosion of digital solutions enabling us to continue to work and socialise in new circumstances. With that increasing reliance on technology, however, comes increased risk.

The scale of the threat

Wealthy individuals and Family offices can present cyber criminals with a high value target, where the risk/return ratio operates in their favour. According to Dr Chris Pierson, CEO and Founder of BlackCloak: “If you’ve got a combination of a great deal of money and any internet-connected devices, you’re a potential target. You should be taking extraordinary measures to protect your financial security and digital footprint1.”

Research carried out by Campden in partnership with Schillings, found that 28% of ultra-high net-worth international families, family offices and family businesses have experienced a cyber-attack, with over a third of those participating in the survey having no cyber security plan in place2.

If you’ve got a combination of a great deal of money and any internet-connected devices, you’re a potential target. You should be taking extraordinary measures to protect your financial security and digital footprint

Elevated risk in extraordinary circumstances

Under normal circumstances, that would be a cause for concern. Add in the increased opportunity and threat level we’re facing today, and it becomes a major risk factor. According to McKinsey, the threat environment is being shaped by a number of factors, including changes to the way we behave, such as increased reliance on collaborative platforms, video conferencing and digital tools that enable us to maintain business continuity3. In our personal lives too, we’re increasingly shopping, socialising and playing online.

“Even for those of our clients who are used to working from home and using technology to connect, the current situation presents challenges, which can quickly be turned into opportunities by cybercriminals,” says Carrie Griffiths, Fraud Governance Lead, Barclays Private Bank. “In addition, some of our Family office clients, for example, are quite niche and may not have the ability to dedicate resource to monitoring cyber-risk, or their business continuity plans may be light touch and unable to cope with the contingent situation we’re now facing, creating increased exposure to a growing threat.”

Exploiting vulnerabilities

Cybercriminals are quick to exploit vulnerabilities and, whilst the methods of attack according to Dwyer are the same, the hooks are different and topical. Phishing and malware attacks may use the term COVID for example, playing on alert levels and fear.

“We’re seeing increasing numbers of phishing emails soliciting funds for charities or frontline workers, or offering tax refunds or financial support, or even claiming to be from the health authorities,” says Dwyer. “By playing into people’s vulnerabilities, the criminals have a psychological advantage and that gives them a greater chance of people clicking on links or supplying data that the criminals can use to perpetrate their crime.”

Social distancing may help protect us from the virus, but it also creates conditions that favour the cybercriminal. Without our usual support networks on had to act as a check and balance, there’s a far greater propensity for people to act in ways they wouldn’t normally do.

A number of scientific studies show the effect of isolation on human psychology and physiology4, changing our neurocognitive behaviour, which can in turn make us more susceptible to suggestion or more keen to forge connections – offering opportunity for fraudsters or cyber-criminals. I Increased digital use can also normalise behaviours that we would think twice about in a real-world situation, such as sharing quite personal information.

Dislocation from friends, family and colleagues has seen an explosion in social media usage. Neilsen, for example, has reported a significant increase in social media app usage in the US following stay at home orders5. If privacy controls are light or non-existent (perhaps because we’re not sure how to set them optimally, or because we’re using new platforms), there’s a clear opportunity for criminals to harvest information.

Maintaining vigilance

Dwyer makes the point that “we’re only as secure as the weakest link”. Whether that’s a supplier, employee or even a family member, it can create an opening for criminal activity. Auditing supplier cyber-strategies and training employees is one thing but making sure that family members, particularly the digital native generation, are aware of the risks is vital.

Research shows that oversharing can lead to increased risk, with 21 people in the UK defrauded every minute as a result of oversharing on social media. Failing to secure information can allow it to be used directly, for example, to extort funds, or to make phishing emails more plausible. When a cyber-criminal is assessing potential targets, availability of information and ease of access will weigh heavily.

When there are many demands on time and resource, managing cyber security can easily slip down your list. “Vigilance is key,” says Emma Qualtrough, Fraud and Anti-Money Laundering Manager Barclays. In an ideal scenario, we’d all have time to review our approach to cyber-security, understand the threat level and what we must do to mitigate that, but it’s not always easy. That’s why we continue to support our Private Banking clients and Family offices, providing access to Barclays’ global resources and insight through online sessions tackling the key issues as well as more tailored practical support.”

How to reduce your cyber risk

Education and communication are incredibly valuable tools in the fight against cyber-crime, but Dwyer also points out that there are practical steps that individuals and businesses can take to reduce their risk. “Good cyber-hygiene can’t be underestimated,” he says. “Just like good hygiene practices help reduce the risk of catching the coronavirus, good cyber-hygiene reduces your risk of being a victim of cyber-crime. Most cyber-attacks are unsophisticated and can be easily dealt with by some simple steps.” See box out for Dwyer’s top tips on how to reduce your cyber-risk.

The global and prolonged nature of the pandemic means that the enhanced threat level of cyber-crime is likely to remain for some time, so ensuring you and your interests are protected in both the short and longer-term is worthwhile. “People need to ask themselves whether they have a well thought out approach to cyber risk and whether that approach is appropriate in the current circumstances,” says Dwyer.

“They also need to ask themselves how much they’re prepared to risk and what the wider consequences of that loss may be. Undertaking a cyber risk assessment, can help identify weaknesses and empower individuals and businesses to protect themselves in a threat landscape that continues to evolve.”

Just like good hygiene practices help reduce the risk of catching the coronavirus, good cyber-hygiene reduces your risk of being a victim of cyber-crime. Most cyber-attacks are unsophisticated and can be easily dealt with by some simple steps.

What good cyber hygiene looks like and how it can reduce your cyber risk. Dwyer’s top 10 tips.

  • Ensure your antivirus software is up to date
  • Secure your home network by changing the standard router password
  • Consider using VPN to access your network, which provides an added layer of security
  • When you’re making video calls, avoid sharing your whole screen, as this can unwittingly share information
  • Be sceptical of any unsolicited emails and don’t be tempted to click through links or forward them
  • Don’t share personal information or details of any calls (for example Zoom meet ups) on social media, it’s an easy route for people to use that information
  • Try to only use a corporate device for work, so-called shadow IT (your home computer or mobile) can be a weak link
  • Ensure your security settings are up to date and become familiar with them
  • Wherever possible use a web rather than an app version of software
  • Make yourself, your family and employees aware of new scams. Often police or government authorities will publish details.
""

Fraud and Security

Our experts are on hand to support your cyber-security needs through online seminars across a range of platforms. You can also find more information and guides covering cyber-security on our Fraud and Security pages. Speak to your relationship team today to find out more.

Investments can fall as well as rise in value. Your capital or the income generated from your investment may be at risk.

This document has been issued by the Investments division at Barclays Private Banking division and is not a product of the Barclays Research department. Any views expressed may differ from those of Barclays Research. All opinions and estimates included in this document constitute our judgment as of the date of the document and may be subject to change without notice. No representation is made as to the accuracy of the assumptions made within, or completeness of, any modeling, scenario analysis or back-testing.

Barclays is not responsible for information stated to be obtained or derived from third party sources or statistical services, and we do not guarantee the information’s accuracy which may be incomplete or condensed.

This document has been prepared for information purposes only and does not constitute a prospectus, an offer, invitation or solicitation to buy or sell securities and is not intended to provide the sole basis for any evaluation of the securities or any other instrument, which may be discussed in it.

Any offer or entry into any transaction requires Barclays’ subsequent formal agreement which will be subject to internal approvals and execution of binding transaction documents. Any past or simulated past performance including back-testing, modeling or scenario analysis contained herein does not predict and is no indication as to future performance. The value of any investment may also fluctuate as a result of market changes.

Neither Barclays, its affiliates nor any of its directors, officers, employees, representatives or agents, accepts any liability whatsoever for any direct, indirect or consequential losses (in contract, tort or otherwise) arising from the use of this communication or its contents or reliance on the information contained herein, except to the extent this would be prohibited by law or regulation..

This document and the information contained herein may only be distributed and published in jurisdictions in which such distribution and publication is permitted.  You may not distribute this document, in whole or part, without our prior, express written permission. Law or regulation in certain countries may restrict the manner of distribution of this document and persons who come into possession of this document are required to inform themselves of and observe such restrictions.

The contents herein do not constitute investment, legal, tax, accounting or other advice. You should consider your own financial situation, objectives and needs, and conduct your own independent investigation and assessment of the contents of this document, including obtaining investment, legal, tax, accounting and such other advice as you consider necessary or appropriate, before making any investment or other decision.

THIS COMMUNICATION IS PROVIDED FOR INFORMATION PURPOSES ONLY AND IS SUBJECT TO CHANGE. IT IS INDICATIVE ONLY AND IS NOT BINDING.