Over the last decade, the way we communicate with our colleagues, customers and partners has changed dramatically, thanks to email and other forms of digital communication. In fact, 98% of businesses depend on some kind of digital communication to operate. Since the outbreak of Coronavirus, this behaviour has shifted again with significant, industry-wide jumps in video calling and VoIP traffic especially.
While operators, ourselves included, are managing this usage spike and ensuring ongoing service for our customers, businesses are increasingly at risk from another source: cybercrime. With more business operations moving online, and more employees working from home, new vulnerabilities have emerged. Hubspot says that, “with worldwide fear and uncertainty, we’re experiencing the perfect storm for cyber crime and online scams.”
With so many minds now focused on how to keep business operations afloat, we’ve seen new internet-based risks emerging, and old ones that have been reinvented to capitalise on the panic created by COVID-19. Examples include attempting to access personal data, intellectual property and/or tarnish the reputation of an operation.
Cybersecurity – why is it important?
If a Managing Director decided not to lock the office doors at night, when the site gets ransacked and all the hardware goes missing, people would immediately blame the MD – rightfully so – and any business’ cybersecurity is no different. If your operation is leaving the digital door open for thieves, then at some point or another, not addressing the situation is going to leave you open for a digital ransacking!
That’s because cybercrime is big business, and nobody is safe. Cyberattacks are rarely carried out these days by bad actors working alone: hackers often work in organised teams, using cheap off-the-shelf malware to attack thousands of businesses a second, often funded by organised crime in remote and untouchable places.
Even if assets or valuable data aren’t stolen, a cyberattack will likely slow down or even prevent systems from operating at all, causing the business to grind to a halt, costing money, reducing productivity, eroding customer perception and jeopardising the entire operation’s survival.
Therefore, the only logical conclusion is that businesses need to protect themselves from these dangers to have the best chances of operating for the foreseeable future. This includes smaller operations – the idea that only large, established corporations are at risk is a giant misconception.
Are businesses, both large and small, really at risk?
Around a third (32%) of businesses and two in ten charities (22%) report having cybersecurity breaches or attacks in 2019, and the numbers are much higher among large and medium operations (60%), as well as high-income charities (52%).
Consider too that in 2019, over 60% of business and half of all charities used cloud-based computing services and that number will have only increased since the start of the Coronavirus pandemic. Growth areas like this are significant focuses for cybercriminals as there’s a lot of potential victims to choose from, and some of them will have lower standards of security than others, making them optimum targets. Plus, new services like Zoom and HouseParty – that have recently gained major publicity – haven’t had years’ of trials and testing ‘in the wild’ to address any overlooked vulnerabilities, which again presents an attractive proposition for bad-actors looking for a way to quickly breach an organisation’s system.
In businesses that have had a negative financial impact because of an attack, the average cost to the company was £4,180. Yours may be higher or lower, but remember, this figure doesn’t take into account other factors like how perception in the market may fall and the loss of ongoing customer revenue, the financial impact of the decline in productivity and any time spent rectifying the issue.
What can be done to resolve it?
There are many technologies and services available, like firewalls, VPN services, automated or managed threat detection, but the most critical tool for any business in tackling cybersecurity risk is education.
Most attacks rely on human error in not recognising fraudulent websites and emails, or other impersonation strategies, which is understandable as humans are far easier to convince than a machine.
But, if businesses did more to educate their staff around how to identify fraudulent emails, or how to validate whether a website is genuine or not, the majority of cyberattacks would fall by the wayside, allowing IT teams and ISPs to focus on stopping the highly-technical breaches that are harder to prevent, like DDoS attacks and ransomware.
We were stunned to learn that, in 2019, less than three in ten businesses (27%) and charities (29%) report having asked staff to attend internal or external training, including seminars or conferences on cybersecurity. This proves just how far we still have to go to lock all the doors and windows of our metaphorical digital offices.
For more information, please download our full cybersecurity ebook or call us on 0161 672 9900.
*all statistics derived from the DCMS’s ‘Cyber Security Breaches Survey 2019’