Today marks the start of Cyber Security Month, which runs for the whole of October. Approximately 40 countries will be marking the event with talks, seminars, workshops and activities designed to promote cyber security and encourage the sharing of good practices.
The theme for National Cyber Security Month in the USA, where the event first launched back in 2004, is ‘Do your part, be cyber smart’.
The European Cyber Security Month focus, meanwhile, is ‘Cyber security is a shared responsibility’, emphasizing the involvement and collaboration needed from governments, businesses, and individuals.
During the course of this month, the Heart Internet blog will be posting a series of articles on all kinds of cyber security topics.
You’ll be able to find out more about two factor authentication, read up on protecting your email addresses, and expand your knowledge in lots of other areas too.
To kick things off, we’re looking at how this year’s unprecedented events have shaped the cyber security landscape. Plus, we’re explaining why implementing the advice of Cyber Security Month has never been so essential.
The cyber security situation before COVID-19
Data breaches were an everyday occurrence in 2019. One report suggests that, during the first half of the year alone, 3,813 breaches took place. Together, they exposed a whopping 4.1 billion records.
As part of their Cyber Security Breaches Survey 2019, the Department for Digital, Culture, Media and Sport discovered that 20 per cent of UK companies had been subjected to breaches or attacks during 2019. For large businesses, this number rose to 61 per cent.
Governments weren’t exempt from criminal cyber activity, either. In the UK, the Labour Party fell victim to two large-scale distributed denial of service (DDoS) attacks against them in the space of two days. And across the pond, an attack on the government of New Orleans was so ferocious it caused them to declare a state of emergency.
Despite the frequency and severity of attacks taking place in 2019, though, it’s thought that only a third of companies have robust cyber security policies in place.
The impact of COVID-19 on cyber security
In a recent report, the Deloitte Cyber Intelligence Centre revealed there has been a spike in phishing attacks, malspams and ransomware attacks since the COVID-19 pandemic started.
These are some of the main causes of this increase in attacks:
- Businesses weren’t adequately prepared for a pandemic
- Wide-scale remote working exposed security risks
- Security teams experienced impaired functioning
- Companies have downsized, causing skills and knowledge gaps
- Economic issues have forced people into cyber crime
The International Criminal Police Organization, Interpol, has also noticed an increase in cyber crime since the start of the year. In a statement, they explained:
‘In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners.’
A number of the UK’s most well-known companies have experienced damaging cyber attacks this year. Back in May, travel giant EasyJet acknowledged that a ‘highly sophisticated’ attack had affected approximately nine million of its customers. Email address and travel details were stolen, and 2,208 customers had their credit and debit card details “accessed”.
Cyber security predictions for 2021
Cyber security experts, RiskIQ, estimate that as we move in to 2021, cyber criminals will cost the world $11.4 million a minute. They also predict that a UK business will become the target of a cyber attack every single minute. They’re calling this ‘the evil internet minute’.
Interpol agrees with their forecast, warning that cyber attacks and breaches are almost certain to increase as the impact of the pandemic continues to be felt.
They explained: “Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.
“Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.
“Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.”
Despite this concerning forecast, it’s likely cyber security budgets will be cut in 2021 as businesses continue to feel the pinch of a difficult year.
A survey by McKinsey indicates that 70 per cent of chief information security officers believe their budgets will decrease 2021. The biggest falls are expected among small retail and consumer businesses.
More cyber security resources
We’ll be posting more cyber security articles on the Heart Internet blog over the next few weeks, but here’s some further reading you can get started on right now elsewhere on the blog:
- Why you need a Content Security Policy
- The essential guide to website cyber security
- Talking to your clients about WordPress plugin security
- 6 easy WordPress Security tips