A 2020 recap on cyber security and how to build resilience in 2021
2020 was a difficult and unprecedented year that affected families, individuals, and businesses in multiple ways in all corners of the world. Due to the coronavirus, businesses and their employees had to adapt to remote working or spending more time at home. This led to rushed technology adaptations from businesses to allow for remote working and a dramatic increase in internet activity due to the homebound public seeking entertainment from their home computers and streaming services.
Although these changes were a necessary adaptation for businesses to survive through the pandemic and stay trading, the increase of cyber security threats and attackers’ activity has unfortunately sky rocketed.
In the latest 2020 cyber security breaches survey posted by gov.uk it shows that almost half of businesses (46%) and a quarter of charities (26%) report having cyber security breaches or attacks in the last 12 months.
The attack route has also significantly changed with a rise in businesses experiencing phishing attacks (from 72% to 86%), and a fall in viruses or other malware (from 33% to 16%).
So, what has caused this significant increase in cyber activity and why has the attack approach changed?
In Q1 of 2020 the UK went into the first lockdown of the year, causing businesses to adapt rapidly to remote working. As businesses did this it was evident that regardless of size, most businesses, even the already most technologically invested companies, had to make changes and further investments to make this dramatic change. Businesses had to undergo varying forms of digital transformation almost overnight. Within these transformations’ investments needed to be made in equipment and software to make remote working possible. Laptops, new software, file storage and even office furniture were among the things needed.
Key adaptations included the adoption of new software and cloud services such as Microsoft teams, Zoom, SharePoint and Dropbox. Businesses who relied on paper-based systems in their workplace were most heavily affected by this due to no longer being able to carry out their jobs as they normally would and quickly having to set up their employees with these new systems.
Whenever substantial changes to a business like this take place, new policies, procedures, and training should always be put in place to ensure the new systems are set up securely. Unfortunately, this was something many businesses were not able to do as understandably they were just trying to survive.
Attackers saw the opportunity to exploit weaknesses in newly adopted systems, and to prey on staff who were now working from home, often on unsecured personal Wi-Fi networks. Phishing attacks via email, phone calls and texts has become the attackers go-to way to catch out remote workers. Staff may drop their guard when in a more relaxed home working environment and are less secure working from public networks.
As we have now entered 2021, remote working is here to stay, at least for the first half of the year. Something that we can be certain of is that cyber attackers are not going to stop taking advantage of the above points.
The good news
As per the government’s cyber breach survey it noted that it is promising that cyber security awareness among companies has increased as business risk and board level engagement has increased action to identify and manage cyber risks making them more resilient. Eight in ten businesses say that cyber security is a high priority for their senior management boards (80%, up from 69% in 2016). Three-quarters of charities say this about their senior management (74%, up from 53% in 2018).
So, what can be done to build resilience in your business in 2021?
Training
The first key thing that all businesses regardless of size should consider undertaking is cyber security training. Key staff members in businesses who have access to personal information and the power to make payments such as MD’s CFO’s and accountants should be up to date with cyber attacker trends, such as phishing attempts, so that they do not fall into the traps of making payments to scammers or leaking business information that attackers can use to their advantage.
Cyber Essentials Accreditation
After training, obtaining Cyber Essentials accreditation will implement the baseline cyber security protection needed to help mitigate the most common threats to small to medium sized businesses. Cyber Essentials is a Government-backed and industry-supported certification scheme that provides a clear statement of the basic controls organisations should have in place to protect them. By obtaining Cyber Essentials best practice such as IT policies and procedures will be put in place to mitigate common threats. You can highlight the logo on your website demonstrating to customers that you take their data and your security seriously.
Penetration Testing
To ensure the infrastructure or website of your business is secure a penetration test is the best way to find vulnerabilities a cyber attacker could exploit. A penetration test could also be performed on the software service that you sell to your customers, securing your supply chain. A penetration test is where a qualified team of highly skilled security testers simulate an attack on a business using methodologies that a real hacker would use. This allows them to find vulnerabilities, then advise and help on fixing them.
Here at borwell we create secure software solutions, from bespoke systems to run businesses to systems to help visualise and realise the benefits of businesses data. We also have a cyber security team called Cybx that offers products and services to help your organisation become more cyber resilient and better prepared against attacks. Based in Malvern, Worcestershire the Cybx team can help you with your cyber resilience in 2021.
If you would like to get in touch to help mitigate your risk from the points raised above please contacts our Cybx team at [email protected] or visit our website on www.cybc.co.uk.