Covid-19 is fuelling an increase in cybercrime targeting businesses across the globe. Bad actors are exploiting lax security controls caused by remote or blended working, and the vulnerability of employees who may be mixing business and personal computing in the home environment. It hasn’t taken long to turn a global pandemic into a “Scamdemic” of significant proportions. Let’s take a brief look at some of the more prevalent types of cyber-attack and the cyber security measures business leaders can take to minimise risk.
The UK Government’s 2021 Cyber Security Breaches Survey – the official report that tracks the volume, impact and types of cyber breaches in the UK year-over-year – reveals that the number of businesses that reported cyber breaches reduced from 46% to 39% over the 12-month period. At first glance you might take that as a positive signal; on closer examination, the report goes on to explain that “the risk level is potentially higher than ever under Covid-19”. The reduced volume of reported breaches is due to the large number of businesses that reduced or temporarily suspended trading, coupled with the fact that other businesses that were able to sustain trading levels found it harder to administer cyber security measures, hindering their ability to identify and report attacks.
The report details the frequency of breaches and the average cost:
“[Within the reporting period] …fewer businesses are now deploying security monitoring tools (35%, vs. 40% last year) or undertaking any form of user monitoring (32% vs. 38%). Therefore, this reduction among businesses possibly suggests that they are simply less aware than before of the breaches and attacks their staff are facing. Among those that have identified breaches or attacks, around a quarter of these businesses experience them at least once a week.”
For each of those reported breaches, the government’s report estimates the average cost of a cyber breach to be £8,460 across all businesses, rising to significantly higher amounts in larger organisations.
Phishing remained the most common threat vector, representing 83% of all threats, followed closely by impersonation attacks. Phishing attacks include attempts to secure your assets or cash by gaining security information, and the most common vehicles are email, SMS or social media.
While the world focussed on dodging Covid-19, bad actors moved in, full steam ahead, leveraging crises, fear and desperation as we watched scam after scam emerge on the themes of alleged Covid ‘cures’, PPE and other safety gear – eventually even the Government Relief Fund and furlough claims. With employees blending work with personal computer use, and many organisations struggling to maintain ‘business as usual’ via remote access to systems, often utilising employees’ personal (and often under-protected) devices, it’s no surprise that the pandemic fuelled such an increase in cybercrime.
As a minimum, you will need anti-virus, anti-malware and anti-spam software. These will significantly reduce the threat, but they don’t remove the risk completely. Regarding phishing emails, anti-spam software doesn’t always look at the sender and may not capture every attack. You will need to train your second line of defence – your staff.
Awareness and education are vital in preventing employees from taking the bait. Staff can be trained to identify suspicious emails and understand the key indicators, although scammers and impersonators are becoming increasingly convincing. Conducting a company-wide phishing simulation exercise can help you identify those most likely to fall for certain scams. Then you can create a very personalised training programme to support your most vulnerable staff.
Even the most secure businesses in the world are often subject to breach or attack and, when one strikes, the only way you can recoup costs may be through your insurance policy.
Here at Ziptech, we offer a complete range of cyber security information, training and services. If you believe your business may be under increased threat of attack due to remote working or for any other reason, we are likely to have helped other businesses in the same boat and we’d be happy to share our learnings.
One of the ways we evaluate the level of risk to our clients’ businesses is to run a phishing scan, which identifies all of the attacks that your business security systems have already prevented as well as those that have slipped through the net. We offer this service completely free of charge.
Get in touch with us today and we will be happy to have a confidential discussion about current, previous or anticipated security breaches and help you find ways to minimise your risk.