Although the conclusion is somewhat obvious, the World Economic Forum, in partnership with Marsh McLennan, SK Group and Zurich Insurance Group, recently issued its 16th edition of the Global Risks Report (the Report), which analyzes “the risks from societal fractures—manifested through persistent and emerging risks to human health, rising unemployment, widening digital divides, youth disillusionment, and geopolitical fragmentation” and determined that cyber-attacks are “key threats of the next decade.”

The Report outlines severe risks, including the COVID-19 pandemic, debt crises, climate change and a host of other predicted ailments, and cybersecurity is one of the top risks. The Report has mentioned cyber-attacks as a risk since 2012, and certainly the risk today is far more widespread than it has been in the past.

Cybersecurity failure is listed as a “top risk by likelihood” over the next decade. IT infrastructure breakdown is “among the highest impact risks of the next decade.” Weaving through the Evolving Risks Landscape Chart, cyber-attacks and data fraud or theft have jumped to the top of the list as a cluster.

In preparing for the global risks outlined in the Report, the World Economic Forum, although calling the risks outlined in the report “dire,” surmised that in contemplating the next crisis after COVID-19, “[T]he response to COVID-19 offers four governance opportunities to strengthen the overall resilience of countries, businesses and the international community: (1) formulating analytical frameworks that take a holistic and systems-based view of risk impacts; (2) investing in high-profile “risk champions” to encourage national leadership and international co-operation; (3) improving risk communications and combating misinformation; and (4) exploring new forms of public-private partnership on risk preparedness.”

Although the Report is brutally honest and transparent in its predictions, it is perhaps a snapshot of the future for business leaders to consider when planning long-term business strategies, including managing top risks by likelihood and impact to the organization. This would obviously include cybersecurity preparedness and resilience.


Those of us who are not health care workers, essential workers or the highest-priority cohort in our state to receive the COVID-19 vaccine are patiently awaiting our turn. We are anxious to receive the vaccine for our personal safety and health, while monitoring complaints about vaccine rollouts in different states.

As we have reported before, criminals and fraudsters prey on unsuspecting victims who have been anxious (understandably so) about many different issues that have arisen since the beginning of the pandemic, including their jobs, the infection rate of COVID-19, the prevalence of COVID-19 in their community, obtaining relief through funds from the state or federal government, and unemployment payments.

The pandemic has been used by fraudsters and scammers to attempt to obtain personal information or money from victims. These scams have included phishing schemes, telephone schemes and the introduction of malware and ransomware into networks and systems to obtain personal information or money under false pretenses.

With the development and rollout of COVID-19 vaccines, the fraudsters and scammers continue to prey on the uncertainty and anxiety of individuals in figuring out how and when they will be vaccinated. Each state has its own rollout plan, and these plans frequently change depending on the number of allocated vaccines and how they will be distributed and administered. Unfortunately, whenever there is confusion in communication, fraudsters and scammers are at their best.

It has been widely reported that there has been an increase in attempted fraud by criminals around COVID-19 vaccinations. These schemes include emails and telephone calls to individuals providing them with information about how they can get vaccinated in advance of their scheduled time. Fake websites are set up for appointments where the criminals request individuals to input their personal information, including their name, date of birth, address and Social Security number, in order to secure a vaccination time slot.

In addition, there are some reports about a black market springing up around COVID-19 vaccinations and that scammers are luring victims to pay for vaccinations with the promise that, if they pay, they can jump the line to receive it. Unfortunately, it is very tempting, and many people are falling for it.

It has become such a problem that the Federal Trade Commission (FTC) has provided a warning and guidance to consumers about these widespread scams and how to protect oneself from them. The most basic tip is not to provide your personal, financial or health information to anyone who texts, calls or emails you regarding a COVID-19 vaccination. The FTC confirms in its warning that no legitimate healthcare site, provider or other entity that is distributing and administering vaccines will ask for this information in order for you to sign up for a vaccination when it is your turn.

As we have reported before, be very vigilant about requests to click on any links or attachments or to provide any personal information in the context of COVID-19, including around the vaccine or getting vaccinated. For more information, visit the FTC’s guidance here.


Reuters reported this week that two hospitals in England are using blockchain technology to track the storage and supply of COVID-19 vaccines. According to Reuters, this is one of the first such initiatives in the world.

The report stated that the hospitals are using a distributed ledger, a type of blockchain that uses independent computers, to share, replicate, and synchronize data in electronic ledgers in real time.

The hope is that the use of these blockchain systems will assist in monitoring the status of vaccines and keep track of vaccine shipments “from factory freezer to shots in the arm.”

The U.S. Attorney’s Office for the District of Massachusetts is warning small businesses that received loans through the Paycheck Protection Program (PPP) of a dramatic increase in reports of business email-compromise schemes related to the program. Scammers are using information about PPP recipients posted by the Small Business Administration (SBA) to impersonate PPP lenders requesting additional information about PPP loan applications or loan forgiveness.

In July 2020, the SBA published information about PPP loan recipients, which included business names and addresses for loans greater than $150,000. In December 2020, the SBA released the exact loan amounts for more than 600,000 small businesses and nonprofit organizations that received at least $150,000 in loans. The published data also included the names of entities receiving less than $150,000, which represent about 87 percent of the total number of loans in the program, as well as the name of the lender and distribution date for each loan.

Scammers are using this publicly-available information to send phishing emails to PPP loan recipients, impersonating the recipients’ PPP lenders to request sensitive information, such as email addresses and passwords, Social Security numbers, and financial information. This information could be used to gain access to a business’s computer network to compromise confidential information or for identity theft.

Recipients of PPP loans should carefully review the headers of emails that appear to come from their PPP lenders to ensure that the domain of the sender’s email address matches the domain of other emails received from the lender. They also should use common sense to question whether the lender is likely to be contacting the recipient at that particular time (e.g., in response to an application or loan forgiveness), or whether the timing appears to be unconnected to other communications with the lender. Recipients should not respond to, or click any links, in any suspicious emails; recipients may want to call their lenders if they believe the content or timing of an email is suspicious.
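The header review described above can be partly automated. The following is an added example, not part of the original advisory: it compares the `From`, `Reply-To` and `Return-Path` domains of a message against the domain seen on earlier genuine lender mail. The lender domain `examplebank.test`, both sample messages and all function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domain taken from earlier, known-genuine lender emails (hypothetical).
TRUSTED = "examplebank.test"

# Constructed sample messages, not real traffic.
GENUINE = """\
From: PPP Servicing <ppp@loans.examplebank.test>
Reply-To: ppp@loans.examplebank.test
Return-Path: <bounce@examplebank.test>
Subject: Your forgiveness application

Body
"""
SPOOFED = """\
From: Example Bank PPP <ppp@examp1ebank.test>
Reply-To: ppp-docs@mailbox.invalid
Return-Path: <x@bulk.invalid>
Subject: Additional information required

Body
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower().rstrip(".") if "@" in addr else ""

def belongs_to(domain, trusted):
    """True for the trusted domain itself or any subdomain of it."""
    return domain == trusted or domain.endswith("." + trusted)

def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_headers(raw, trusted=TRUSTED):
    """Return findings for one raw message; an empty list means no mismatch."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    if not from_dom:
        findings.append("from-missing")
    elif not belongs_to(from_dom, trusted):
        # Compare only as many trailing labels as the trusted domain has.
        tail = ".".join(from_dom.split(".")[-len(trusted.split(".")):])
        close = edit_distance(tail, trusted) <= 2
        findings.append("from-lookalike" if close else "from-mismatch")
    # A differing Reply-To or Return-Path is a signal to call the lender, not
    # proof of fraud: some lenders send through third-party mail services.
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and not belongs_to(dom, trusted):
            findings.append(name.lower() + "-mismatch")
    return findings
```

A clean result only means the visible headers are consistent; the `From` line can be forged, so unexpected timing or requests for credentials still warrant a call to the lender.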

Suspected criminal activity may be reported to the Department of Justice’s National Center for Disaster Fraud at https://www.justice.gov/disaster-fraud.

The Federal Trade Commission (FTC) is warning small businesses that they are being targeted by scammers through a new coronavirus-related scam. The scam “starts with an email that claims to come from the ‘Small Business Administration Office of Disaster Assistance.’ It says you’re eligible for a loan of up to $250,000 and asks for personal information like birth date and Social Security number.”

Unfortunately, many small businesses have been dramatically affected by the coronavirus and are seeking assistance to help keep their employees employed and their doors open for business. However, governmental agencies will never send an email advising you that you are eligible for a loan and will never ask for your Social Security number over email. Such material is sent through the mail and on official applications and letterhead.

In addition, governmental agencies will not call to advise you that you have been accepted for relief or ask you for your personal information over the phone. These are scams intended to get you to tell them your Social Security number so the caller can open up credit card or other accounts in your name without your knowledge.

The same is true for scam websites offering assistance with small business loans. If you need to apply for a loan, go to a trusted entity that you have done business with before. Scammers are using the coronavirus, the need for relief, and the government’s Disaster Loan program to fraudulently obtain funds from unwary small business owners. Be wary of these scams and websites and report any fraud to the FTC.

Let’s take a look at the lessons learned in 2020 and where the drone industry might be heading in 2021. Here are some key takeaways from the past year:

  • Continued Industry Maturity: In 2020, drones are now seen as more of a tool than a novel piece of technology. That means that we will likely see a shift from tests and pilot programs to real logistical operations.
  • Industry Regulations and Policy Changes: The new year will likely bring fewer restrictions and regulations for beyond-visual-line-of-sight (BVLOS) flights. We have already seen more of this in 2020 (with the pandemic being a driving factor for loosened restrictions and BVLOS operations), and now that this trend has taken off, it will likely continue. Note that in 2021, the new EU drone regulations will come into effect, too.
  • COVID-19’s Impact on the Industry: The pandemic has brought lessons and new values to light for the critical infrastructure of companies operating drones. Because of this increase in drone use over the past year, it is likely that many more companies will adopt drones into their daily functions over the coming years as well. The efficiency, safety and effectiveness of drones have come to light during this unimaginable year.
  • More delivery drones will likely hit the skies.
  • More real-time image and video capturing by drones leveraging artificial intelligence (AI).

As the demand for drones continues in 2021, expect to see a surge of innovation to meet the various enterprise needs and address regulations. On to the new year.

Working from home has shed a new light on robocalls. It is unbelievable how many robocalls I get at home even though I am on the Do Not Call List. It is very easy to monitor these calls. If I recognize the number, I may pick up. If I don’t, I let it ring until it goes to the answering service. If the caller doesn’t leave a message, it is clear that it is a scam. These days, even scammers leave a message. One day last week, a scammer left three separate messages asking me to call back or I would get arrested. This is obvious to me, but to many individuals, these calls sound real and are scary.

The same is true for my mobile telephone. The number of unknown callers to my cell phone has definitely increased during the pandemic, and I use the same technique with calls to my cell phone as I do for a residential line. It is very easy to have someone leave a message and then call them back if they are legitimate. Screening your calls should be automatic for your safety.

A new study by First Orion shows that phone scams using COVID-19 as the subject matter have been highly successful this year.

According to the 2020 Annual Scam Call Report, “[P]hone scammers are getting better at tricking you into giving up your personal information…The survey shows that scammers improved their efficiency in 2020, mainly using the COVID-19 pandemic to steal personal information from millions of victims. The data paints a clear picture of why people are becoming more reluctant to answer their phones if the call is from an unknown number.”

The survey shows that scammers are getting better at scamming people even though the scammers were calling people at the same rate as last year. The survey showed that “[I]n 2020, scammers succeeded in getting people to give up their personal information 270 percent more often than in 2019. More than one in four people reported a loss of personal information or financial loss due to a phone scam in 2020. What’s more, scams targeting Social Security numbers were 550 percent more effective in 2020.”

This result is shocking and disappointing. What’s more, the survey showed that because more people were at home to answer the phone, “[O]ut of all the scam calls that succeeded in getting personal information, 17 percent used the COVID-19 pandemic to get in the door. The next most frequent cover story was fake banks at 12 percent, followed by family threats (10 percent), offering a prize or money (9 percent), and student loan scams (9 percent). The pandemic also showed up in charity fraud. When scammers used fake charities as bait to scam people, 44 percent of them said they were collecting money for pandemic relief.”

Other typical phone scams included auto warranty calls which were the most common scam and actually doubled from 2019. Fake bank or credit card calls were the second most common, and false IRS/tax and insurance calls tied for the third most common.

The moral of this story is to refrain from answering calls from numbers you do not recognize, don’t fall for any of these common scams and don’t give anyone your personal information or money over the phone.

The Greater Baltimore Medical Center (GBMC) was hit with a ransomware attack over the weekend (December 5-6) that potentially delayed procedures planned for Monday. Cyber attacks against medical providers and hospitals are at an all-time high, which is particularly difficult while hospitals are trying to address the rising need for services during the pandemic.

GBMC has stated that no patient information has been misused and it is working with law enforcement and cybersecurity experts to recover from the incident.

It is a dire reminder of how important it is for hospitals, medical centers and providers to keep cybersecurity prevention measures as a top priority even as COVID-19 is raging across the nation and taxing health care resources. The cybercriminals have no sympathy for the stresses placed on care givers during the pandemic, and in fact, are using it to take advantage of vulnerable systems at the worst possible time.

Although it is logical that cyber-attacks have risen during the pandemic, and there is anecdotal evidence that it is occurring, including our own experience, an interesting new report was recently released by Allianz, which provides cyber-liability insurance products.

According to the report, “While the COVID-19 outbreak cannot be said to be a direct cause of cyber-related claims, exposures have been rising during the pandemic, particularly with regards to ransomware and business email compromise incidents, given the increase in remote working and the likelihood that security safeguards may not be as robust in the home office.”

The report analyzes the cause of loss by value of claims and the number of claims, finding 1,736 claims worth $770 million from 2015-2020. The analysis shows that external manipulation of computer systems (i.e., DDOS or phishing/malware/ransomware) is the most expensive, “but the analysis also shows that more mundane technical failures, IT glitches or human error incidents are the most frequent generator of claims.”

The report also states that “Whether it results from an external cyber-attack, human error or a technical failure, business interruption is the main cost driver behind cyber claims. It accounts for around 60% of the value of all claims analyzed with the costs associated with dealing with data breaches ranking second.”

The number one threat cited in the report is “Laxer Security Post COVID-19 Heightens Cyber Risk.” Since the migration to working from home, the report states that “malware and ransomware incidents have already increased by more than a third, at the same time as a 50%+ increase in phishing, scams, and fraud, according to international police body, INTERPOL.”

The report further reinforces the need for companies to address the increased risk that accompanies a remote workforce, employee education and engagement, and providing employees with tools to protect themselves and their employer’s data. As the report aptly states: “Employers and employees must work together to raise awareness and increase cyber resilience in the home office set up.”

The California Consumer Privacy Act (CCPA) requires businesses covered by the CCPA to notify their employees of the categories of personal information the business collects about employees and the purposes for which the categories of personal information are used. The categories of personal information are broadly defined in the CCPA and include personal information such as medical information, geolocation data, biometric information, and sensory data.

As a result of the COVID-19 pandemic, many businesses are conducting screenings of employees for COVID symptoms. In many states, it is either required or recommended that businesses conduct such screenings of employees prior to entering the workplace. These employee screenings vary across the country but many include documenting an employee’s temperature, whether they have any COVID-related symptoms or exposure to individuals with COVID-19, or documenting travel out of state or out of the country. States vary too, in the method of collection of this information, with employees completing a written questionnaire via email, text, or mobile application. COVID-19 screening and temperature data is recorded and kept daily to demonstrate compliance with state and local public health requirements.

So, what does this mean for CCPA compliance? None of us could have predicted a year ago that employers would be collecting temperature data, lists of symptoms, and travel information from our employees. If you drafted your CCPA employee notice prior to the start of the pandemic, you may want to review the categories of personal information you now collect in light of these COVID-19 data collection requirements and recommendations. For example, depending upon the type of temperature check, this data could be considered biometric information or sensory data. Your employee notice may also need to disclose how such categories of personal information are used by the business, such as to comply with state and local public health requirements.

While the CCPA requires notice to employees of the categories of data collected, in light of the pandemic, businesses may wish to review their employee notice to determine if it needs to be updated to accurately reflect any additional categories of personal information collected and how the business is using that personal information.