COVID-19: Impact on Information Security

The Chartered Institute of Information Security (CIISec) released it’s sixth annual ‘state of the profession’ report, finding that the Coronavirus pandemic has meant ups and downs for the industry, but the general outcome is a good one.

Of the 557 cyber security professionals that responded to the CIISec survey, 65% said there had been a positive impact on the market as a result of the pandemic. However almost 70% said that risks to data had increased as a result of working from home, and nearly two thirds said it was harder to review security during lockdowns.

This was, to some extent, to be expected. Whilst there were a few that suggested working from home wasn’t the security issue it was being made out to be, most of us were keen to raise awareness of the potential additional weaknesses it could open up.

Research by IBM and the Ponemon Institute, now in its 17^th year, is a leading industry benchmark. The Cost of a Data Breach Report 2021 found that there had been a 10% increase in the average total cost of a breach (the largest annual increase in the last seven years), and the average cost was over $1 million higher where remote work was a factor in causing the breach.

The survey also found that compromised credentials (i.e., username and password) were the most common ‘attack vector’, with one in five breaches starting with this type of attack:

• Business email compromise (BEC) was responsible for 4% of breaches, but had the highest average total cost at just over $5 million.
• The second costliest was phishing ($4.7 million), followed by malicious insiders ($4.6 million), social engineering ($4.4 million), and compromised credentials ($4.3 million).

Ransomware attacks were found to be more costly than the average data breach too ($4.6 million compared to £4.2 million).

How To Protect Your Business

All the statistics are saying more or less the same things: cyber attacks are increasing in number, and increasing in cost.

At Think IT we’ve created various guides and services to help you protect your business:

Ransomware: have a look at our Insights: Ransomware Explained article for more information about ransomware, and our Endpoint Security services to find out how to defend your systems against it. With both the UK and US seeing it as a major threat, it’s worth ten minutes of your time to read!

Passwords: to avoid the ‘compromised credentials’ attack mentioned earlier, check out our Insights article on creating and managing good passwords. Talking about remote access and working from home, earlier in 2021 we found that over 1 million RDP usernames and passwords had been stolen, so it’s worth looking at our RDP security guidance if you use it.

Email: if you’re not using a cloud email service like Microsoft 365 for your business email, you should have a look at our short article about how moving to 365 can improve your email security.

Working from home: we can help you with secure remote access to get easy and quick connections from home to your work devices.

If you need help with any of this, or anything else, head to the Contact Us page of the website and get in touch with us.