Cyber Risk Post Pandemic… Just when you thought it couldn’t get worse... Just when you thought you could relax (a teeny bit)...
…but life isn’t like that sometimes. As business owners, as managers, as leaders in your companies- we double down, we pivot, and we plan for a still uncertain but certainly rocky future. We are masters of resilience and grit, determination, and vision. Right now, companies of all industries and sizes who have been able to weather the storm so far are staring at the horizon, hoping to find a path to stability. But it’s not smooth sailing just yet.
Getting hacked after surviving this economic and global pandemic is like surviving COVID but then getting stung by a giant murder hornet.
The Easy Jet Breach, the PWC website hack, Travelex, GoDaddy, MGM, and more in the first 5 months of 2020, and especially the last 8 weeks- clearly demonstrates that we’re not out of woods in terms of major cyber risks which could result in business disruption or dissolution. While people agreed that the lockdown was necessary to limit the spread of COVID-19, it has also introduced security risks that have caught organizations off guard. From Zoom accounts being sold on the dark web to Covid phishing scams, PPP Loan fraud, and the SMS Smishing explosion it’s been almost too much to wrap your head around on a weekly basis as the digital landscape changes and evolves.
Almost half of organisations have suffered a cyber security incident as a result of the sudden shift to remote working, anew studyhas found.
FBI reported a 4x increase in cybercrime reports during the pandemic
Hindsight is 20-20. But the future is murky. In your agenda for the rest of the year, have you gotten serious about shoring up your security?
Are you reviewing the security practices of third-party services, for example? Do you have a patch management plan to make sure everyone has the latest software updates? Are your staff aware of their security responsibilities while working from home?
Many are still reacting to the seismic shift in March:
of employed Americans currently say they have worked from home during the crisis, a number that has doubled since mid-March.
According to one source, by 2028, 73% of all teams are expected to have remote workers.
of cyber incidents are caused by employees (error, phishing, or malicious insiders)
Cybercrime isn’t a passing phase or something that only happens to other people and right now it’s on fire.
5 Ways Future Proof Your Business Cyber Risk Post Pandemic
Here are 5 things you can do today to build a modern foundation of cyber-secure humans on your team that will help you adapt to the ‘new normal’ (whatever that may be at this point!). For years, it has become more clear that securing your business from cybercriminals is a fundamental business competency. It is increasingly moving up the board-level agenda at major global corporations, for small and midsize companies to survive this economic, pandemic, and cybercrime crisis- a quick fix or low-hanging fruit will only kick the can down the road. The risk will still be there, and companies far and wide need to level up.
1. TRAIN FOR THE NEW NORMAL, NOT THE OLD NORMAL
Consider everyone in your company and how their work has changed. Building a foundation for the future means not just educating your teams on what technology to use and how to use it but also delivering learning in a way that fits into remote working schedules and the new virtual paradigm.
2. THINK BEYOND PHISHING
Where before a tick box exercise to say ‘yup, we train on phishing’ was enough, threats are now more prevalent across the entire landscape. Here’s our blog that explains what you may be missing. Up-skilling a workforce to act as adaptive defense agents against a wide range of threats from an ever-improving adversary means more than one e-learning module off the shelf.
3. WIN HEARTS AND MINDS
There are many ways to make it interesting- cyber awareness training doesn’t have to be dull or dry. The heavy lifting in this area isn’t about governance or audit requirements but in the hard work of mindset shifting and habit breaking. As we always say, just because your team can define malware doesn’t mean they know how to keep your company safe or care enough to do so.
4. DO THE BASICS BEFORE THE COMPLICATED
You don’t need to be the fastest gazelle, you just can’t be the slowest. Getting the whole team to do the basics can create an incredibly strong barrier for many of the spray and pray attacks out there today. Password hygiene and online safety basics when adopted (not just ‘trained on’) are mission-critical. We see small and midsize companies (ok big ones too) continually chasing a silver bullet technology solution that will ‘secure’ everything. Don’t drink the kool-aid, that solution doesn’t exist.
5. MAKE IT A CONTINUAL JOURNEY
Once a year training will tick the box, but it does not create any true risk reduction outcomes for your organization. One example of this: the forgetting curve shows us that over 80% of knowledge acquisition is lost within 2 weeks in adults. When you add on the pace of technology change and the rapid evolution of the cybercrime landscape (see the COVID examples above- this disruption is what criminals live for)… your learning system and content need to keep up.
As only 53% of companies did any cyber awareness training before the coronavirus outbreak, and of that, much was rooted in delivery styles and focusing on threats of the past. If your company is one of the 47% who hasn’t yet implemented a program or one who hasn’t started with the basics- now is the time to start. In a way, you will have a slight edge by starting on a path of holistic modern digital skills and mindset shifting- as you can leapfrog your staff into the future, the ‘new normal’ of remote working, virtual teams, and what will inevitably be a slow and challenging recovery. The cybercrime explosion, the complexities of remote working, and the still uncertain future mean that a clear, safe, easy path is not the future for all of our businesses. Don’t let the murder hornets get you now.
The Cybermaniacs help organizations big and small prepare their workforces for an uncertain digital future. Our platform and approach help workers, remote and onsite, establish good cyber habits and embrace a more secure work culture on a personal journey of change.
FANCY A CHAT?
Want to get your team set up for AMAZIWARENESS? You can have your team set up on our learning platform, enjoying engaging and impactful digital skills learning in under 48 hours.
With special pricing in place for small businesses impacted by COVID 19.