Cyber security: Why is it time to redouble your efforts?
The growing vulnerability of businesses to cyber crime is undoubtedly one of the many damaging outcomes of the Covid-19 crisis. Businesses need to be aware that this is a time when they will have to be even more on the alert for cyber attacks. Indeed, given that practically everyone’s efforts have turned to crisis management, companies and organizations are sidelining the importance of cyber security, at great risk.
Very Small Enterprises (VSEs) and Small to Medium Enterprises (SMEs) are very attractive targets for hackers because they typically do not have extensive resources to invest in the protection of their IT systems. In 2017, 75% of VSEs / SMEs were already victims of a cyber attack, with an average financial impact of 50% of their turnover.
Many preconceptions and prejudices regarding cyber security prevent it from being treated with the absolute urgency it requires at all levels of an organization:
Here are some of the most common:
- Prejudice # 1: It only happens to others : Organizations tend to underestimate their risk of being the victim of a cyber attack. This problem works in the same way as when the pandemic appeared in other countries: the belief that it could come and affect ‘us’ seemed distant and intangible. The further the problem is ‘from home’, the less concern it generates, lulling people into a false sense of security even though the threat is objectively real. In January or even February, most people in Europe never imagined that the virus could do the same damage there as it was unleashing in China, despite all the signs that it was about to.
- Prejudice # 2: My business is immune to cyber attacks: While it’s good to be confident that the processes put in place to combat cyber attacks are as robust as possible, you should never underestimate or minimize the ingenuity and striking capabilities of cybercriminals.
- Prejudice # 3: My company is insured against cyber risks, so I’m covered: The extent to which this is true depends on the fine details of the insurance contract. Insurance does not cover all cases: you have to be careful about what is covered by your specific insurance product, and what is not
1. Cyber risks are increasing during the pandemic
In this period of crisis, cyber attacks are being dangerously overlooked. Digital risk observatories have noted that since the onset of the Covid-19 crisis, cybercrime activities have intensified.
The AP-HP (Assistance Publique – Hôpitaux de Paris), which manages 39 hospitals in the Ile-de-France region, has been the target of attacks, and the WHO (World Health Organization) has also been targeted. And this is all during a pandemic, demonstrating that there is absolutely no compassion in cybercrime, even when lives are at risk.
In fact, the increase in the number of attacks taking place during this period is so great that some analysts are already talking about a ‘digital pandemic’.
The risks involved for a company mean that it might never be able to recover from a digital attack, especially during the current, trying period. In addition, an attack can endanger the entire ecosystem in which the company operates, so you can imagine the chain reaction of damage that can occur as a result.
2. Internal cyber incidents
Cyber risks are not only linked to actors outside organizations; they can also be the result of bad internal practices, such as:
- Defective migrations,
A lot of data may be leaked or lost due to the reasons listed above.
The fight against the impact of the Covid-19 crisis should not ignore or sideline the digital vulnerability that your applications and software can present. It’s important to communicate this point to all of your employees, at all levels of your organization. Now is the time to educate your employees about cyber attacks, as it is everyone’s responsibility to ensure that they don’t happen.
However, even the best-prepared companies are not immune. Risk managers, risk audits, robust software, firewalls, IT outsourcing of information systems maintenance… even with the most complete arsenal, no one can be sure that they will not be the victim of an attack one day .
3. The measures to take now: make sure you are prepared
Faced with Covid-19, companies have had to react quickly and roll out remote working on a large scale for most of their employees. This has meant a majority of transactions have been carried out online, in no time.
This presents a huge opportunity for cybercriminals, who can take advantage of systems that have been undermined and upset by these sudden changes. Many companies have found themselves faced with the task of preparing to switch to remote work overnight. This has had to occur with:
- Restricted equipment,
- Non-existent processes.
These circumstances increase the risks of vulnerability of computer systems. In addition, alertness levels tend to be reduced when working from home.
4. Examples of good practices that can decrease vulnerability to cyber attacks:
- Use sophisticated passwords,
- Systematically update operating systems,
- Update anti-virus systems regularly (security updates),
- Avoid unknown or public Wi-Fi networks,
- Also avoid connecting computers to VPNs (Virtual Private Network),
Communicate with your employees to warn them of malicious emails
An upsurge in email-based fraud attempts have been identified since the start of the crisis, with hackers trying to take advantage of the confusion in order to redirect transfers to their own accounts.
Analysts have recorded an increase in phishing attempts: sending emails that spoof a person’s identity for malicious purposes, for example, in order to retrieve personal information or money.