Unlike the movies, where most cyber threats involve a web of intrigue, espionage, and complex power-plays, the primary motive behind 86% of cyber security breaches is financial, according to a recent report by Verizon.
Cybersecurity Ventures predicted that cybercrime would cost the world $6 trillion annually by 2021, up from $3 trillion in 2015, making it more profitable than the global illegal drugs market.
Given the sums of money involved and the ease and anonymity provided by crypto currencies, it is hardly surprising organised criminal groups are behind over 55% of security breaches. Cybercrime has long been escalating in line with our demand for instant connectivity through a myriad of devices, but the arrival of a global pandemic in 2020 has significantly increased the opportunities available to cyber criminals. Protecting our digital assets is no longer merely an IT issue; we all have a role to play.
The impact of Covid-19 has accelerated the demand for technological and digital innovation at a pace and breadth that not even the most ardent digital advocate could have predicted. According to a new McKinsey Global Survey of executives, “Companies have accelerated the digitisation of their customer and supply-chain interactions and their internal operations by three to four years. And the share of digital or digitally enabled products in their portfolios has accelerated by a shocking seven years”.
As digital and technology chiefs grapple with the increasing demands of a remote workforce, agile systems, new customer engagement platforms, and cloud-based everything, the scale and speed of digitalisation has left them increasingly vulnerable to cybercrime. Even before Covid-19, the world’s digital content was expected to grow from 4billion terabytes (4 zettabytes) in 2016 to 96 zettabytes by 2020. However, it isn’t just the rapidly increasing number of digital targets, the scale of the criminal appetite or the sophistication of the weaponry our cyber defence teams are having to defend against, there is the Covid induced cultural chaos too.
Scammers are known to prey on the vulnerable, particularly during natural disasters or tragic events. Think about it, people are naturally distracted and less guarded. In an interview with Cyber Crime Magazine,
FBI Cyber Division Section Chief Herb Stapleton outlined the unique vulnerabilities created by Covid-19. Stapleton explained, “many events like a hurricane are localised in their impact … this [Covid-19] has a global impact. As a result, there is a more fertile ground for scammers … as everyone across the globe has been affected in some way”. He went on to say that since March 2020 and the onset of Covid-19, the number of complaints received by the FBI’s Internet Crime Complaint Centre tripled from an average of 1,000 to 3,000 a month. The pandemic has fundamentally altered many of our work and life patterns making cybercrime easier.
Working from home is now the accepted norm for many and that is unlikely to change in the future.
Gartner surveyed 127 company leaders in July 2020 and reported that 82% intended to offer an element of remote working and 49% would let employees work completely remotely.
Working from home increases the cyber vulnerability of individuals who need to rapidly understand the threats, particularly from phishing (attachments and links sent via email that infiltrate your system). According to Kathy Hughes, VP and CISO at Northwell Health, New York’s largest private employer “People are the weakest link in the security chain,”. This is key when you look at something like Ransomware, a malware designed to infect computers and restrict access to files; it often contains threats of permanent data destruction unless the ransom demand is met. Readily available through the dark web, the majority of Ransomware is delivered via innocent looking phishing emails sent to individuals with compelling looking content. Cyber Security Ventures also highlighted this vulnerability saying, “Ransomware - the fastest-growing type of cybercrime - will claim a new victim every 5 seconds by 2021.” It goes without saying that training and support from our already over-stretched cyber security teams in this area are vital. But this particular challenge is one that needs all of us to stay vigilant and be aware of the threat.
So, how do we combat the increased threat level? The current shortfall of cybersecurity talent is
4 million worldwide, according to the
ICS² latest cybersecurity workforce study. This is not something we can just hire our way out of or leave to an overstretched team. Successful organisations will rapidly improve their understanding of cyber security through widespread training and development, creating a culture of collective responsibility.
At Norman Broadbent, we have been integral in sourcing the right cyber talent for a range of clients. From experience we know that culture is as important as capability, as these roles will inevitably be about leadership and influence as much as intel. Cybersecurity is something we need to all take ownership for. Those who succeed will make it integral rather than a clunky bolt on. This is cultural as much as it is technical, but if the last year has taught us anything, it is that we are capable of adapting faster than any of us thought possible.
If you would like to discuss this piece in more detail, the wider market, and/or your growth plans or challenges, please do not hesitate to contact Andrew Smith via
andrew.smith@normanbroadbent.com for an initial confidential discussion.