Wed 29 July 2020
It’s difficult to estimate just how much more difficult, disrupted and isolated our professional and business lives would have been over the last four months without technology.
Just imagine not being able to see our loved ones, connect with colleagues or interact with potential new customers without user friendly and cheap video calling technology.
From a working perspective, how much more severe would the economic impact of the Covid 19 lockdown be on UK plc, without remote working technology which allowed so many businesses and employees – ourselves included – to switch almost overnight from office based to home working?
While we are now all Zoom, Teams and Facetime natives, and as the vast majority of working population now accesses their company’s IT systems from home, there has been a huge spike in cybercrime.
We have seen cyber criminals adapting to the situation, using different tactics, and exploring new ways to attack Individuals and businesses. We’ve identified a number of new attacks from the beginning of the pandemic, from targeting users who were new to home working, to exploiting vulnerabilities in IT infrastructures that might have been quickly set up by IT departments to accommodate new working arrangements.
A large increase of those attacks have been highlighted through the use of phishing attacks; targeting users, who are now on the end of these technologies, taking advantage of their human nature, to fall victim of the attack by clicking insecure links- infecting devices, networks and crippling organisations’ functions.
According to a survey conducted by Capterra, there has been a 45% increase of phishing attacks in relation to the virus since April and May.
To reduce the risk of attack through phishing, training and awareness of users is key.
Making sure employees who are digitally connected to company IT networks and have access to sensitive data are aware of the ever-evolving threats through a structured programme and engaging content.
The same survey conducted by Capterra, recorded 32% of the remote workers had not received training online or face-to-face, and with almost half of them using their personal device to work.
As well as an increase in attacks targeting users, we have seen an increase in aggressors exploiting weaknesses in IT infrastructure. There are a number of reasons why this might be the case, often due to in house IT teams and outsourced providers having to quickly adapt to the demands of new ways of working. Unfortunately in some cases shortcuts have been taken, meaning that validation exercises which ensure security measures have been implemented have put on hold or even forgotten. We believe that mid-market companies are particularly vulnerable as they’re less likely to implement best-in-class cyber security than larger companies, or to require their suppliers to do the same. Nevertheless, they have a level of resources that makes them an attractive target, and a network of offices that makes fraud easier.
Unfortunately many businesses in the mid-market still believe they are below the criminals’ radar. In truth, every business from a widget manufacturer in Lancashire to an e-commerce company in Birmingham is a target every day.
Amid this rising tide of cyber risk, help is at hand. If you would like to discuss your company’s cyber needs, or conduct a risk assessment, please contact Henry.A.Fulbrook@uk.gt.com or Matthew.DJI.Musto@uk.gt.com.