With the sudden shift in the last 12 months from fewer face-to-face interactions to a far greater level of communication online, the reliance on technology has grown to an even greater level. This has caused many people who did not use technology very often (and whose knowledge of using such devices was minimal) to use equipment they are not familiar with on at least a daily basis.
This is not just the case for people in their homes, but also for many companies as well. Those that did much of their business in many forms have now seen that contract to be mostly online, which is something many businesses are ill-prepared for. It has not just been a case of a poorly designed website (although that is a big issue), but the security measures in place for such a large amount of extra online interaction are woefully inadequate.
Cybersecurity in larger companies
Many larger companies will have measures in place and will often have their own cybersecurity teams in place and will have a SOC (security operations center) to monitor, prevent, detect, investigate, and respond to cyber threats that affect the business. The problem is that many smaller businesses do not have the capabilities, resources, or the budget to do this, which can leave them prey to even the most basic of cyber threats.
One solution is to outsource this to a specialist company that has the expertise and the tools to protect the business from data breaches. However, there is a level of resistance to this due to the expenditure involved.
The cost of a cyberattack
While this might be correctly regarded as another overhead to add to the cost of doing business, it could also be considered a vital one. The cost of a successful cyberattack can be devastating to a small company, both in financial terms and those of lost reputation. It is a sad reality that many go out of business within months of a successful cyberattack.
If this were not a compelling enough reason on its own, there are additional benefits for a small company outsourcing its network security to a specialist company, one of which has been brought into sharp focus over the last 12 months.
Increased cybercrime opportunities
With the increased number of people working remotely due to the coronavirus pandemic, and the need to access sensitive data outside of the usual secure office environment, there is an increased number of opportunities for cybercriminals to strike. This is a particular problem if the business is poorly set-up for remote working, with many of the IT systems outdated and no longer fit for purpose.
One advantage of switching to a cloud-based network is that physical servers no longer need to be upgraded as the cloud resource is flexible and almost infinitely expandable. This removes a cost almost immediately as well as upgrading existing systems and making them more secure. A knock-on benefit of this is that it also frees up a member of staff to concentrate on core business tasks instead of ones they may not have been adequately trained for.
The value of end-user education
A key area in combatting cybercrime, both at personal and business levels, involves educating the end-user, as the most successful cyberattacks do so because they are assisted by an unwitting human accomplice. This tactic is known as social engineering and falls into several categories, all of which will be familiar.
The most common is a malware attack in the form of an email. It will either have a link or an attachment containing a virus or ransomware, with the email body containing a compelling reason to act without thinking things through. This type of email is usually purportedly from a legitimate source, aiming to exploit the trust the end-user has in that source.
A similar tactic is used in phishing emails to capture login or card details which are then used immediately or sold on to be used at a later date. While most people would not fall victim to these types of threats, there are now additional factors to consider.
More sophisticated cyberattacks
Firstly, these threats are becoming more sophisticated. While phishing emails are typically easy to spot with out-of-date graphics and sent en masse to tens of thousands of people at once, a new type of more targeted, more detailed threat exists. These ‘spear phishing’ emails are harder to spot and easier to fall victim to.
Secondly, a large number of people working from home might not have a dedicated place to work from and might be subject to a multitude of distractions that can badly affect their concentration and lead to them doing things they would not ordinarily do in a work environment.