Cyberattacks during the pandemic have illustrated a worrying trend for businesses regarding the prevalence and severity of threats to organizations across the country and the world.
We’ve already seen a spike in attacks since the pandemic began, as cyber criminals look to take advantage of disorganized remote workforces which often lack adequate protections and policies for their data.
Phishing emails have spiked by over 600% since the end of February 2020 as cyber criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic.
This has led to concern from organizations, particularly SMBs, as they weigh up what approach they must take to protect their companies from harm.
Why Have Attacks Been on the Rise?
To be plain, the majority of businesses were simply unprepared for the challenges of a remote workforce and hackers have been making the most of it.
Organizations were forced to send employees to work from home and many of them didn’t have the correct cybersecurity measures in place to ensure that data handled outside their typical areas of operation was fully protected.
Workers operating under a normal working conditions might be accustomed to secured networks and secured VPNs between different offices.
But COVID put that to rest, with employees at home and not having access to those secured networks.
Consider how difficult it is for a business to safeguard just their office network, then consider how much more difficult it is for a business to safeguard an entire workforce using their own networks to access and handle data—there’s a lot more vulnerability in the latter scenario.
How Have Hackers Been Taking Advantage?
By the end of May 2020, the Internet Crime Complaint Center (IC3) received nearly the same amount of complaints for the year (about 320,000) as they had for the entirety of 2019 (about 400,000).
Hackers have been taking advantage by simply increasing the amount of attacks they’re making.
Without the failsafes normally put in place for employees and their devices, they’re uniquely susceptible to attack, and cyber criminals have responded by unloading an avalanche of attacks—often phishing—on remote workers.
With remote work unlikely to go anywhere anytime soon, organizations will have to be quick about responding to these threats and protecting themselves against them.
Everyone Is Being Hit
Large corporations and SMBs alike are being targeted.
Even some of the biggest corporations on the planet are being hit; just this month Carnival was the victim of a massive ransomware attack that led to a breach of guest and employee personal information.
Generally speaking, larger enterprises have invested far more heavily in cybersecurity than their smaller peers, and yet time and again they are falling prey to attacks.
SMBs, themselves becoming popular targets, with just under half of all attacks now targeting them, are looking towards large enterprises as an example of what’s to come.
Small and medium-sized businesses are a lot more unprepared, yet the chances of them succumbing to a breach—and the costs of being breached—are higher than ever.
This is necessitating the need for SMBs to invest in their security strategies in order to head off these threats to the best of their abilities—one of the drivers of increased adoption of MSSP services among smaller companies.
How Are Businesses Responding?
By and large, organizations are responding to these threats by investing more heavily in cybersecurity technologies and strategies.
Let’s take a look at the top five investments businesses are making to mitigate threats this year.
Multi-factor authentication (MFA) (20%)
MFA has become a staple for us in our daily lives. It’s currently one of the easiest and most secure measures that can be taken to protect information.
It requires multiple means of identification in order to access the information you want. These are typically:
- Password or PIN
While it was—and remains—common for many systems to ask for the characters of a secret answer (or similar credential), organizations are now frequently turning to MFA to prevent breaches.
37% of credential theft breaches use stolen or weak credentials.
Poor credentials are one of the primary culprits of breaches, and by utilizing MFA, companies can quite easily mitigate against threats—particularly brute force attacks.
Related Post: The Benefits of Multifactor Authentication
Endpoint protection (17%)
The number of endpoints that are being used by employees outside of traditional office networks has rocketed as a result of remote work conditions.
For organizations whose staff are using company devices to handle sensitive data remotely, it’s sensible to use a system that allows the IT team to monitor them, update them, and ensure they’re fully protected.
Because the current remote work conditions are likely to remain for long after lockdown restrictions are lifted, it’s no surprise that it ranks as the second-most important priority for businesses.
Anti-phishing tools (16%)
Many SMBs may have a basic level of protection as far as antivirus goes, but new threats require a higher standard of security.
Anti-phishing tools, like next-gen antivirus solutions, have seen greater adoption among businesses because of their greater sophistication in averting modern types of attacks; including phishing.
Next-gen antivirus characteristics include:
- Machine learning: Files are analyzed before use using an automated bot which can discover any malicious elements—all without any interruption to the user.
- Behavior analysis: Computer processes can be monitored in real-time and detect any abnormal behavior, terminating malicious processes.
- Threat intelligence: When a device encounters a threat, every other device under network will be updated to counter the danger without any need for manual input.
VPNs have seen massive adoption by organizations in the wake of the pandemic—in fact, usage increased well over two-fold during the early stages of lockdown.
Between March 8 and March 22, 2020, VPN usage in the US increased by 124% in response to COVID-19, an indication of how individuals and businesses are reacting to recent rising cybersecurity threats.
The reason for this is simple—VPNs allow businesses to create virtual networks for their employees to work within without worrying about external actors gaining entry.
Public, home, and other unsecured networks, for example, can be risky for staff to use, making VPNs appropriate for businesses to use, especially those who have large amounts of sensitive data being handled by remote staff.
Security education (12%)
Lastly, there is the adoption of cybersecurity training programs to help mitigate attacks.
The majority of cyberattacks that take place do so because of human error. Phishing is the most prominent example of this—the practice relies on human error to succeed; someone clicking on an email they shouldn’t.
Some estimates suggest that up to 90% of cyberattacks are in part as a consequence of human error.
This is why organizations are investing so heavily in education for their staff—many of the risks of attacks can be mitigated by simply training end users on what to look out for and how to deal with a threat.
With just 31% of people receiving annual company-wide training or updates from their employer, there’s plenty of room for improvement for businesses looking to bolster their threat mitigation.
In light of recent events, many organizations have found themselves playing catchup with their cybersecurity, trying to implement makeshift solutions to make up lost ground while their workforces are working remotely for the immediate future.
To find out more about how you can ensure your business’ cybersecurity is in good shape for now and for the future, download our eBook, “What Makes a Good Cybersecurity Defense for a Modern SMB?”.