Cyber security and the ongoing impact of COVID-19
January 2021 | FEATURE | RISK MANAGEMENT
Financier Worldwide Magazine
January 2021 Issue
COVID-19 has forced us all to become more reliant on the internet than ever before. Through periods of lockdown, and while social distancing is advised, online infrastructure has become the core hub for communication, commerce, working and learning.
While industries quickly embraced this change to keep their operations running, and individuals became accustomed to remote working and e-commerce, cyber criminals have also taken advantage of the shift in online practices.
Cyber crime has been rising throughout the year, according to Europol’s ‘Internet Organised Crime Threat Assessment’ report. This growth is not surprising, however, as malicious actors have always been opportunistic and resourceful, adapting their approach to enhance success rates. The COVID-19 crisis has been no different. The crisis has seen a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure, according to Interpol.
“COVID-19 has increased the cyber security risks for organisations of all sizes and also for individuals,” says Robert Bond, senior counsel at Bristows. “With little notice we all ended up working remotely and we were not all fortunate to have VPN access and office equipment. We have been using personal devices, using more video conferencing, using more apps and mingling office and home activities. This has allowed ‘bad actors’ to prey on the vulnerabilities and maximise lapses in security and confidentiality to acquire information and disrupt normal business.”
Plugging gaps
For many companies and their IT teams, business continuity has been a key priority. But the COVID-19 crisis has strained budgets, exposed deficiencies in cyber security defences and brought the IT skills gap into sharp relief.
“Cyber security personnel are facing the same sorts of challenges with maintaining their work/life balance concerns with children in virtual school and so on,” says Will Quick, a partner at Brooks Pierce. “The impact that we immediately see as a result of these issues is that sometimes there are not people available at the company to answer important questions about why a system is set up a certain way or, even worse, who know how to appropriately respond to an incident to secure the company’s systems.”
Addressing the skills gap will be key. “An increased focus on science, technology, engineering and mathematics (STEM) subjects at schools, considering and addressing the underrepresentation of female and black, Asian and minority ethnic (BAME) workers in cyber and the wider tech sector, and promoting prominent role models with clear engagement strategies with big business, innovative cyber startups, universities and schools would all be positive steps forward,” believes Gareth Oldale, head of data privacy and cybersecurity at TLT.
Companies need to respond to evolving cyber threats despite the complex challenges they currently face. But there may be a dip in cyber security spending as companies prioritise other issues they perceive to be more important to their immediate survival. More than 70 percent of security executives also believe that their budgets for fiscal year 2021 will shrink, according to McKinsey. Looking further ahead, however, a cyber spending crunch is unlikely to last.
“As more companies fall prey to attacks and more about those attacks is publicised, it is likely that the pendulum will swing back the other way,” says Mr Quick. “We also expect that as companies begin to think more deeply about where their employees will be working from in the future – for example, whether they will be returning to traditional offices or continue to operate remotely – cyber security will become a bigger part of the planning in that process.”
Particularly as companies continue to utilise remote working, they must take a layered approach to cyber security resilience. This includes ensuring that cyber security responsibility and awareness is deeply embedded in the organisational culture.
“On top of security we need to address the human weaknesses and implement suitable working from home policies and policies regarding social media and bring your own device (BYOD) risks,” explains Mr Bond. “There is a need for plain language advice to staff and training and appropriate monitoring of performance and adherence to policies. The National Cyber Security Centre has produced valuable advice for businesses on how to anticipate cyber risks.”
Clearly, cyber security will continue to be an area of potential vulnerability in the coming months as bad actors evolve their methods and chase new targets in an effort to gain access to prized data. “The value of big data sets is only ever increasing,” says Mr Oldale. “This means that organisations which might not have been an obvious target previously could now be of more interest to hackers.
“Those data sets are valuable to hackers for a number of reasons,” he adds. “In response to COVID-19, more organisations are collecting data that they have not traditionally had to process, meaning hackers may see these as soft targets whose cyber defences may be weaker than some of the more institutional targets such as banks, universities and government departments.”
Threat actors will continue to exploit the uncertainty caused by COVID-19. It is crucial that companies act to embed cyber security into their culture and remain vigilant as the ‘next normal’ takes shape.
© Financier Worldwide
BY
Richard Summerfield