There’s no doubt that the Covid-19 pandemic brought many challenges to businesses of all sizes. They were faced with the monumental task of replicating their office environment remotely and often quickly.
That left little time to ensure the right controls were in place to minimise the risk of cyber attacks.
Indeed, the UK government’s Cyber Security Breaches survey for 2021 found that these cyber attacks were a ‘serious threat’ to every charity and business.
The 2021 survey found that:
- 39% of firms and 26% of charities report having cyber attacks or security breaches in the previous year
- 65% of medium businesses reported attacks
- 64% of large businesses reported a breach
- 51% of high-income charities saw cyber attacks.
The average cost for a business in the survey of a cyber security breach is estimated at £8,460 – which includes businesses of all sizes.
It’s also worth noting that in 2020, at the height of the pandemic lockdown, 46% of firms were affected by cyber attacks.
How has the pandemic affected cyber security?
However, the seventh survey on how the pandemic has affected cyber security was published in March 2022. It found that:
- 39% of businesses in the UK identified a cyber attack in the past year
- 83% of those firms reported phishing attempts
- 26% identified a more sophisticated attack type – such as malware, a denial of service or ransomware attack.
The survey also highlights that just 19% of businesses have a written incident management plan.
The news for vulnerability management is better with the survey revealing that:
- 83% of businesses have up-to-date anti-malware protection
- 39% have a patch management policy
- 35% have used security monitoring tools
- 17% undertook a cyber vulnerability audit
- 14% say they have used threat intelligence.
Small businesses are also under a threat from cyber attacks
It’s not just large businesses that are being targeted by cyber criminals – small businesses are also under a threat from cyber attacks.
A report from Vodafone highlights that SMEs account for 99.9% of the business population and employ 16.8 million people.
However, they are also uniquely vulnerable to cyber attacks because of their lower turnover, tighter margins and poorer standards of cyber security protection when compared with larger firms.
The survey highlights that more than 1.3 million SMEs risk folding because of the cost of an average cyber attack.
Vodafone says that cyber attacks cost the UK economy £34 billion a year – or 10% of the Government’s Covid-19 borrowing.
They say that ‘with more businesses working remotely because of the pandemic, we expect this figure to rise’.
The research reveals:
- Covid-19 is accelerating cyber security policy commitments
- Digitisation across the economy is inevitable – and this comes with risks that the government acknowledges
- Cyber attacks have risen since the Covid-19 pandemic began – up by 30% on UK businesses during 2020’s first quarter alone
- PWC notes – in June 2020 – that was an increase in ransomware and phishing attacks – and many of these were disguised within emails purporting to be from the UK Government.
The Vodafone survey also reveals:
- 23% of SMEs say that an average (small business) cyber attack costing £3,230 would destroy their business – that’s 1.3 million SMEs
- 16% say they would have to lay off staff
- 23% would have to use financial reserves
- 22% say a cyber attack loss would not have a material impact
- 41% had experienced a cyber attack in the previous 12 months – 20% experienced six or more
- 31% had seen an increase in cyber attacks since the lockdown began in March 2020.
What the covid-19 pandemic teaches us about cyber security
The pandemic has shown us that businesses need to be prepared for anything.
As the UK Government cyber attack survey reveals, having a plan in place for how to deal with a potential cyberattack is now more important than ever.
According to a recent study by IBM, the cost of a data breach has increased by 12% over the past five years. They also found that:
- Phishing attacks have become more common as criminals try to take advantage of the fact that people are working from home and may be more likely to click on links in emails.
- Ransomware attacks are also on the rise, with criminals targeting businesses of all sizes to extort money.
Their report makes clear that businesses need to be aware of the increased risks they face and take steps to protect themselves. This includes:
- Ensuring that their remote working infrastructure is secure
- Training employees on cyber security best practices
- There is a robust incident response plan in place in case of an attack.
How the pandemic has changed the way we work
Along with having staff work from home and trying to keep data secure, another change that we have seen is an increase in the use of video conferencing and collaboration tools.
These tools have become essential for businesses to continue operating during the pandemic, but they’ve also created new risks.
For example, many of these tools are not encrypted by default, which means that there is a risk that sensitive information could be intercepted by criminals.
What businesses can do to protect themselves
There are several things that businesses can do to protect themselves from the increased risk of cyber attacks.
Perhaps the most important thing is to ensure that their remote working infrastructure is secure.
It’s also important to train employees on cyber security best practices.
This includes things like not clicking on links in emails from unknown senders, not sharing sensitive information over unsecured channels, and being aware of the risks of using public Wi-Fi networks.
Finally, businesses should have a robust incident response plan in place in case of an attack.
This plan should include steps like isolating affected systems, contacting law enforcement, and notifying customers if their data has been compromised.
The dangers of working from home
While there are many benefits to working from home, it’s important to be aware of the dangers that it can pose to your firm’s cyber security.
One of the biggest risks is that your home network may not be as secure as your office network. This means that if you’re working on sensitive data, there’s a greater risk that it could be intercepted by criminals.
Another danger of working from home is that you may be using unfamiliar or unsecured devices. For example, you might be using your personal laptop for work rather than a work-issued device.
This can pose a risk if you’re not careful about what you’re doing on your device and you might, for example, accidentally download malware or click on a phishing email.
For many organisations, working from home can make it more difficult to stay aware of cyber security threats because staff might not be as quick to spot a threat or know what to do if they are attacked.
The future of cyber security post-pandemic
There’s no doubt that the pandemic has had a big impact on the way we work.
It’s likely that many of the changes that have been made in response to the pandemic will become permanent, and this includes changes to the way we work.
The recommendation from IBM above will help firms to start thinking about the future of cyber security.
However, there’s also a possibility that we will see more regulations around data security so your business will need to review its data handling practices and put in place more stringent controls.
What new cyber techniques/technologies have emerged from the pandemic?
Organisations need to be aware of the new techniques and technologies that have emerged to protect themselves from these threats. Some of these include:
Two-factor authentication (2FA) is a great way to add an extra layer of security to your organisation’s login process. It requires users to provide two pieces of information before they can access their account – usually a password and a code that is sent to their mobile phone.
This has helped businesses that moved to a remote working model by ensuring that only authorised personnel are accessing work networks. 2FA means that even if threat actors breach an employee’s home laptop or computer, they won’t be able to hack into a business using that employee’s credentials.
End-to-end encryption is another important security measure that organisations should consider implementing. This means that all communications between two parties are encrypted, so that only the sender and receiver can see the contents of the message.
Password managers are another useful tool for organisations as they help employees to create strong, unique passwords for all of their accounts. This means that even if one password is compromised, the rest of the organisation’s accounts will remain secure.
By implementing some of the new techniques and technologies that have emerged, organisations can help to protect themselves from the increasing threat of cyber attacks.
What the covid-19 pandemic teaches us about cyber security
The pandemic has been a wake-up call for many businesses when it comes to cyber security.
The rapid shift to remote working has highlighted the need for businesses to have secure infrastructure and systems in place. It has also shown the importance of employees being trained in how to stay safe online.
The pandemic has also seen an increase in cyber attacks because businesses are more vulnerable when they are operating remotely.
However, from business surveys, it does appear that cyber criminals are taking advantage of the fact that many businesses have not yet put in place adequate security measures.
So, if the pandemic has taught us anything at all, it is that cyber security is crucial for businesses of all sizes.
By taking steps to secure their data and employees, businesses can help to protect themselves from cyber attacks – today and in the future.
Browse more articles from our experts and discover how to make better use of IT in your business.
As the most common form of cyber crime, phishing affects both individuals and businesses. Find out how attack vectors and trends are developing with the latest phishing statistics. Read More
Read the latest cyber crime statistics, updated for December 2023, and see how the threat landscape has changed in recent years. Read More