The pandemic has changed how we work forever. In the first wave of lockdowns and social distancing measures, businesses had no guarantee of survival, but they managed to pull through thanks to an ability to adapt to rapidly changing circumstances.
Organisations of all sizes have been affected by the disruption, including the SMBs that make up 99.99% of the UK’s estimated 6 million businesses. In nearly all cases, technology has proved critical in allowing companies to continue to operate and maintain existing levels of customer experiences.
Cloud and mobile technologies in particular have become universally adopted business tools. Staff can collaborate, access company applications and data, and communicate with customers from any location.
The efficiency and flexibility that technology has made possible mean many of the changes introduced over the past year will become permanent. Two thirds of employees at organisations of all sizes can now work remotely and two fifths will continue to do so post-pandemic. Among SMBs that figure is even greater, with 75% now relying on a distributed workforce.
However, unless this shift in working patterns is accompanied by an evolution in cybersecurity strategy, a single cyberattack could jeopardise this recovery. This threat is universal, but the potential consequences are even greater for SMBs that lack the financial resources to cope with a breach.
The growing importance of technology to operations increases the potential damage of an attack, while available evidence suggests the cybersecurity landscape is growing ever more treacherous.
As staff become more dependent on digital tools, an attack that affects their ability to access key systems will do more damage to their productivity. And as staff create and store more data, the reward – and temptation – for cybercrime increases.
Attacks that exploit recently discovered (and now patched) vulnerabilities in Microsoft Exchange Server, enabling allow hackers to access servers and steal data or deploy malware are an example of this threat. Email systems provide a treasure trove of data and any disruption to what an essential communication tool can be very serious.
Compounding this risk is the fact that users are accessing company applications and data on devices and on networks that are beyond the traditional control of IT. A greater number of attack surfaces gives hackers more opportunities to launch assaults that can affect the entire company.
The volume of cyberattacks in increasing, with perpetrators looking to exploit loopholes in organisation’s digital infrastructure and create as much disruption as possible. Some are even using Covid-19 itself to stage phishing attacks.
The desire for information on the virus, vaccines, and financial assistance has provided scammers with plenty of source material. Indeed, the UK National Cyber Security Centre estimates that one in a quarter of all cyber incidents in the past year related to Covid-19.
The operational, reputational and financial damage of a successful cyberattack can be significant. Prior to Covid-19, it is estimated that cyberattacks cost the UK economy up to £34 billion a year. But given the increase in cyberattacks since then, the current figure could be even greater.
According to one study, 41% of SMBs have experienced some form of cyber-attack in the past 12 months and a fifth had suffered from six or more attacks. The bill for a breach can run into the millions for a large enterprise but even the average £3,230 cost can be hugely damaging for a smaller organisation.
23% of SMBs would not be able to survive a cyberattack.
Nearly a quarter of all SMBs (23%) say they would not be able to survive a cyberattack – that’s 1.3 million businesses. A further 16% said a cyber-attack would result in a reduced headcount and 23% said they would have to use financial reserves. Only 22% of all SMBs said that an average cost of a cyber-attack would not have a material impact on their business.
SMBs have been through a lot over the past year and have had to overcome many challenges just to survive. In this context, it’s easy to see why cybersecurity has been overlooked and why 41% of businesses admit their remote working solutions are not as secure as the office.
The past year has showcased the ingenuity, resilience, and entrepreneurial spirit of small businesses at their best. But just one incident can jeopardise what remains a fragile recovery in so many cases.
41% of SMBs have experienced a cyberattack in the past year.
Security strategies should reflect the changing nature of work and an increasingly complex and ever-evolving threat landscape. Perimeter-based security approaches (such as firewalls) must be replaced by dynamic-based security measures that protect data and applications at all times – regardless of physical network.
Advanced anti-malware and monitoring capabilities, coupled with cloud-based infrastructure and applications that automatically receive security updates can also help. It is notable that the cloud-based version of Exchange Online was not affected by the recent vulnerabilities, for example.
Mobile Device Management (MDM) capabilities, such as those included in Microsoft 365, give organisations control over which users, applications, and devices can access corporate assets and also ensure that cybersecurity policies are applied at all times. Windows Virtual Desktop goes one step further by providing a virtual desktop that doesn’t require any data to be stored locally at all.
Finally, staff should be engaged and trained to ensure they follow policies and understand the threats they face. All it takes is for one user or system to be compromised for a cyber threat to become a cyber reality.
SMBs have shown their adaptability in coping with challenges caused by the pandemic. Technology has been a major factor in allowing businesses to operate as close to normal as possible, but any recovery will remain perilous without a cybersecurity strategy that reflects the current climate.
Find out how Insight can help your organisation develop a robust security strategy that will allow you to adapt and thrive in the current, everchanging climate.