We have seen how the pandemic has compromised cybersecurity, with cybercriminals and scammers taking advantage of a reduced level of security in some companies due to the unexpected and rapid increase in working from home.
When it comes to alarming cybercrime statistics and reports, it seems that no industry or sector has remained unscathed. The result has often crippled victims’ computer systems and forced them to pay huge ransoms to get back online or have their data returned. Such is the threat that cybersecurity was listed as the top CEO issue in KPMG’s CEO Pulse 2021 survey – beating out regulatory, tax and supply chain concerns.
Given the coverage of these large-scale attacks, there might be a misconception that cyberattacks or data breaches are things that only happen to big businesses. But small organizations are just as at risk of suffering a cyberattack as their larger counterparts.
A perfect storm
The disruption caused by the pandemic, combined with the establishment of a new remote workforce, has resulted in a wave of sophisticated cyberattacks and breaches. Recent research shows that 86% of UK cybersecurity professionals said attacks had increased due to employees working remotely.
Likewise, the rush to establish remote workforces has led organizations to inadvertently loosen security or misconfigure devices. These shortcomings in traditional cyber defenses, combined with changing ways of working, have made it harder to spot potential attacks, meaning the pandemic has created a “perfect storm” for cyberattacks.
According to figures from the UK Department for Digital, Culture, Media and Sport (DCMS). two in five businesses and more than a quarter of charities recently reported experiencing cybersecurity breaches or attacks.
Elsewhere, lack of expertise has the biggest negative impact on cyber resilience within small businesses, according to a survey by Infosecurity Europe. Nearly half believe small businesses have a responsibility to educate and support themselves to become cyber-resilient.
However, when asked how the pandemic affected their spending on cyber resilience, a quarter of small businesses (24%) spent less. Only 18% have spent significantly more, while 43% say “little has changed”.
Understand the threat
This underscores how critical it is for small businesses to realize that they can be an easy target for cybercriminals and fraudsters. With companies implementing hybrid working post-pandemic, they have become vulnerable to frequent automated attacks that put them in a vulnerable position.
Now more than ever, enterprises need to focus on their tailored security needs as enterprise IT architecture becomes more complex. Cybersecurity and IT support are actually different jobs, with security now being a separate standalone discipline. Any SME’s assumption that their IT support is taking care of their security, when in reality that may not be the case, is not only dangerous but could have huge ramifications for businesses and their clients.
“Any business that holds its own confidential data or that of its customers that is involved in financial transactions, or that relies on technology systems and platforms to operate on a day-to-day basis, presents cybercriminals with an opportunity for payment diversion. , data theft and ransom demands,” says Damian Wasey, chief commercial officer of cybersecurity support firm Mitigo. that they cannot meet the cybersecurity requirements of their subcontractors.
“It’s hardly surprising,” he adds. “Big corporations are realizing that in this connected world, bad guys are using smaller vendors to infiltrate their own defenses.”
So, are companies getting too complacent when it comes to security? According to the NCSC Cyber Security Breaches Survey 2021, there are worrying signs of complacency among UK businesses when it comes to cyber threats.
It says fewer companies are using security monitoring tools to identify anomalous activity that could indicate a breach. This suggests that companies are less aware than before of the breaches and attacks that staff face. The figure has dropped five percentage points since last year to one in three companies. Only 83% of organizations have up-to-date anti-virus software, which is also down five percentage points from the previous year.
Almost half of companies (47%) have staff who use personal devices for work, but only 18% have a cybersecurity policy on how to use these personal devices at work. Less than a quarter of companies (23%) have a cybersecurity policy covering working from home.
NCSC Cyber Essentials
NCSC Cyber Essentials is a government-backed program that helps businesses protect their organization, regardless of size, against a range of the most common cyberattacks.
A readiness tool asks a series of questions to help prepare businesses for Cyber Essentials certification. The tool asks questions about the use of hardware, software, and peripheral devices such as firewalls, as well as the use of passwords and malware protections.
At the end of the survey, organizations receive a tailored action plan that outlines the steps needed to prepare for the certification process. Visit NCSC Cyber Essentials.