Security awareness is a hot topic today, not least because 2020 has had an enormous effect on the cybersecurity of organizations in every industry.
While security awareness was already an important aspect of cybersecurity for businesses at the start of the year, the onset of the pandemic has exacerbated existing issues to such a degree that it’s now unavoidable for companies of all sizes.
This is because of a multitude of factors—cybercriminals are more sophisticated in their approach than they’ve ever been; sensitive data is being handled outside traditionally secure office environments (largely driven by IoT tech); and increasingly vast amounts of data are being produced by even the smallest SMBs, meaning there’s more information to safeguard.
The one constant is the human worker. The aptitude of people to remain vigilant about their cybersecurity varies wildly—more often than not, a data breach will be directly attributable to the actions of a worker.
That’s why security awareness is crucial. This blog post will examine the cybersecurity landscape and explain which exact aspects of it determine the need for more awareness.
Before the Pandemic
While talk of cybersecurity awareness has been driven by the events of 2020, it’s important to remember that it was on the rise long before the pandemic hit.
Data breaches have been a common occurrence for businesses for many years, and towards the end of the 2010s, they began to skyrocket to the point where in 2019, organizations were more likely to have been the victim of an attack in the previous 12 months than they were to have had no incident at all.
In 2018, 45% of firms experienced a cyberattack—in 2019, that number rose to 61%.
And yet, in spite of these rather apparent warning signs, in addition to the more headline-grabbing incidents that brought increased awareness, businesses were still reluctant to invest in their own employees’ security awareness.
Just 11% of respondents to a survey in Hiscox’s annual report said that their companies had increased spending on security awareness training after a cyberattack.
Instead, they focused on putting money into new technology. While new technology is important, neglecting security awareness is a mistake; awareness training as a strategy acts as a fundamental bulwark against breaches for a business.
How 2020 Changed the Landscape Further
This brings us to this year, the beginning of which saw little change with regard to cybersecurity needs for SMBs.
Attacks were still on the rise, and most businesses, acknowledging their shortfalls, were doing more to align with what IT decision makers already knew and were increasing their spending on security.
96% of IT decision makers believe their organizations are susceptible to external cyberattacks and 71% say they are not prepared to cope with them.
Then the pandemic hit, lockdown restrictions took effect, and businesses found themselves trying to adapt to the new circumstances as well as they could.
The Impact of COVID
Prior to the pandemic, the landscape was defined by a number of factors, such as:
- Increasing numbers of businesses being targeted and breached compared to previous years
- Unprepared workforces that lacked guidance and knowhow to deal with common cyberattacks
- Organizations lacking the tools and software to protect their networks efficiently
As you might imagine, all these factors had negative effects when states began shutting down, prompting businesses to send their employees home to begin working remotely.
The end result was that large sections of the workforce now found themselves handling sensitive data outside the office, often on unverified networks and devices that hadn’t been provisioned.
As you might expect, this was a recipe for disaster.
Sharp Increase in Cyberattacks
You don’t have to look far to see unnerving statistics on the dramatic rise in cybercrime, attacks, and breaches in the months from spring 2020 until today.
Cybercriminals often prey on people’s fears, and the beginning of the pandemic provided a gift-wrapped opportunity to exploit workers performing their jobs at home.
McAfee found that in the months between January and April 2020, attacks targeting cloud services rose by a staggering 630%.
Security firm Darktrace reported that the proportion of attacks on at-home workers in the UK increased from 12% to 60% in the six weeks after lockdown began; while CSC observed that attacks from the beginning of July to the end of August jumped 30%.
Phishing emails have spiked by over 600% since the end of February 2020 as cybercriminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic.
The examples and instances of these attacks rising go on and on. This wouldn’t be a problem in itself, as many new technologies and strategies are effective at keeping businesses safe.
The issue, as alluded to earlier, was that many businesses simply lacked the technology, and their employees lacked the knowledge to avoid being breached.
Why Is Security Awareness Such an Important Factor?
Security awareness is an important factor in cybersecurity because of human error.
Cybercriminals play a law of averages game—facilitating countless attacks on the assumption that sooner or later, they’ll attack someone without the knowhow to defend themselves and without the software to protect their device properly.
52% of businesses admit that employees are their biggest weakness in IT security, with their careless actions putting business IT security strategy at risk.
Of course, that doesn’t make them solely responsible; it’s incumbent on decision makers and executives to make sure that every measure has been taken to ensure the best chance for success.
In other words, businesses should not set their own workers up for failure.
What Should Businesses Be Doing to Respond?
Organizations are more aware now about the need to invest in security awareness programs for their employees.
In the past, businesses have shown a keen interest in investing in technology for their cybersecurity while neglecting to improve awareness among staff.
It’s imperative for businesses to understand that a comprehensive security strategy for their organizations involves a lot more than an antivirus subscription.
This is especially important, as many SMBs have indicated a willingness to allow remote work as a long-term option for employees, which increases the need for them to ensure that those operating outside of their regular work network are protected appropriately.
In short, as long as there is an opportunity to take advantage of—namely, ill-prepared workers—cybercriminals will do just that. That’s what makes security awareness so crucial.
- Cybercrime has been on the rise for a number of years and businesses have often been slow to respond in terms of investing in cybersecurity strategies.
- 2020 saw huge numbers of workers operating remotely, exposing SMBs without plans to attacks, which rose significantly.
- Security awareness, an often-neglected aspect of cybersecurity, is a key defense against breaches, and should be considered as such moving forward.
In light of recent events, many organizations have found themselves playing catchup with their cybersecurity, trying to implement makeshift solutions to make up lost ground while their workforces are working remotely for the immediate future.
To find out more about how you can ensure your business’ cybersecurity is in good shape for now and for the future, download our eBook, “What Makes a Good Cybersecurity Defense for a Modern SMB?”.