A slew of reports and surveys released over the weekend reveal the size of the cyber crime challenge faced by today’s organisations.
Digital transformation, driven by the pandemic, and the shift to hybrid working, driven by the post-pandemic recovery, both create significant cyber risks – and particularly for mid-market companies.
According to Venturebeat, every type of cyber attack has grown significantly since 2020: “bot attacks have increased by 238%, phishing by 203%, malware in cloud applications by 180%, malware via email by 154%, malware delivered via endpoints by 156%, and insider threats by 132%”.
The result is that mid-sized companies – which, through lack of resources and understanding, tend not to invest in cyber security beyond basic measures – are as much as “490% more likely to experience a cyber security breach by the end of 2021 than they were in 2019.”
Venturebeat also reports that, while 61% of hybrid and remote workers feel responsible for cyber security, only 21% are aware of the sophisticated threats with which their organisations are targeted.
When employees feel they don’t have the right software tools for their jobs, or when they don’t feel they know what behaviours are safe, they will tend to engage in behaviours that compromise their employer’s cyber security – such as downloading unapproved and compromised software, clicking on links in incoming emails, and visiting insecure websites.
Clearly, they also continue to use easy-to-guess passwords – there is apparently still an extraordinary number of passwords that are simply strings of consecutive numbers, with 123456 again the most widely used password. The research that shows widely used passwords is available to criminals: why do users assume that criminals won’t take the easy route to cracking password security?
In fact, cyber crime is becoming so lucrative that top crime gangs can now afford to invest potentially up to £10m to acquire zero-click or zero-day exploits – particularly targeted at Windows 10 – to exploit either directly or through the increasingly effective ‘exploit-as-a-service’ cyber crime sector.
Organisations of all sized need to wise up and significantly increase their investment in cyber security – from regular staff awareness training through security testing to effective incident response and recovery processes.
The holiday season always sees an increase in cyber crime, as criminals take advantage of increased pressure in the transaction chains to wreak havoc. Many organisations will have left security precautions too late this year, and will go into 2023 with a significant cyber compromise.