The news is flooded with stories about cyber criminals successfully engaging in phishing and social engineering aimed at exploiting people’s COVID-19 fears, all in order to steal user credentials to business applications and VPNs. From fake delivery notifications to World Health Organization (WHO) impersonations, malicious actors are preying on people’s emotions during this pandemic.
The credentials used for authentication are ultimately an organization’s network perimeter. This puts organizations in a difficult position — they can limit employee’s access to these systems and risk negative impacts to productivity and business continuity, or they could bury their head in the sand and hope nothing bad happens. Many are choosing the latter, and the implications are being felt worldwide.