Cybercrime in the Age of COVID-19
/“COVID was a golden era for people wanting to commit cyber fraud [and] cyber threats,” Robert Herjavec told attendees at the 32nd Annual ACFE Global Fraud Conference. As he addressed the virtual audience while sitting in his Toronto home, he looked back on a year that saw the coronavirus upend people’s lives and open opportunities for fraudsters like never before.
Herjavec may be best known as one of the judges on “Shark Tank,” the Emmy award-winning TV show about aspiring entrepreneurs that is now heading into its 13th season. But he also has a day job as Founder and CEO of Herjavec Group — one of the world’s most innovative cybersecurity firms that he founded in 2003.
News about cybercrime have become all too common lately due to the COVID-19 pandemic, and recent attacks on companies like SolarWinds and Colonial Pipeline has only underscored the importance of more vigilance on this front.
Herjavec, who has been in the cybersecurity business since his 20s, told TV and radio host Amber Mac about the surreal world of filming “Shark Tank” during the pandemic — with make-up professionals wearing hazmat suits for extra safety — and explained how cybercrime has thrived during the crisis. He said the COVID-19 pandemic has only brought new twists to the ever-evolving battle between hackers and cybersecurity firms like Herjavec Group. “It is not that the (cyber) attacks are bigger or more complicated; it’s that the attack surface is larger.”
Guarding the castle
In the past, companies largely kept their data and employees in one place — a sort of “castle” that was more defensible against cybercriminals. But that all changed as the spread of COVID-19 forced employees to work from home. For example, one of Herjavec Group’s clients — a hospital chain — went from having 3,500 at-home employees to 15,000 working remotely.
“Not all those people are working in a secure environment … a lot of people are sharing laptops, teenagers are using them, and they leave them open,” he said. “So, it has become easier to penetrate a corporate network.”
The distractions in the work-from-home environment also don’t help. Domestic disruptions, like children or pets, and a more relaxed atmosphere often mean that employees let down their guard when going through emails.
“Distraction always creates havoc,” Herjavec said. “Our research shows that people when they are working from home are less diligent and more open to opening emails than they would be at work.”
That means that fraudsters often have little need to resort to sophisticated methods to access sensitive information. According to Herjavec, 95% of all ransomware still comes through email.
“The recent Colonial Pipeline attack wasn’t that sophisticated,” he said. “It was a phishing attacking. It came down to a single individual opening up the wrong attachment and allowing access.”
Stick to the same old rules to stop such attacks, said Herjavec. Don’t click on an attachment from somebody you don’t know, verify emails you are unsure of and don’t trust banks asking for personal financial information in an email.
Better times ahead
With the disease receding in the U.S., Herjavec is extremely upbeat about the future. “I am very bullish on the economy,” he said. “I think this is going to be one of the greatest times of economic growth in our lifetimes. It is full steam ahead right now.”
But it wasn’t always so. When a client told him at the outbreak of the health emergency early last year that he was about to lay off 62,000 people, the gravity of the situation hit Herjavec “like a ton of bricks.”
“I thought our business was going to be fine but [I realized] all our customers were going to suffer. Who am I going to sell to?” he asked himself at the time. “There were three days I didn’t know what was going to happen.”
Herjavec was soon huddling with his CFO to see how long his company could survive a Black Swan scenario — one that involved burning through existing cash without new and existing customers and no credit lines. “It was a long enough time that I felt that COVID wasn’t going to last that long,” he said. “[But] it was a pretty harrowing three days.”
Being resilient and having an ability to adapt is key in business, and Herjavec has done just that and thrived. His company recently become the Official Cybersecurity Services Provider of Formula 1®, the group responsible for the racing car championships of the same name.
“The amount of data they collect in a single race is the equivalent to what an average company generates in a year. And we have to protect that,” said Herjavec. “…and of course, I love race cars.”