Brave New World: How the Global Pandemic Changed Cyber Security Forever

Published
Cyber Security

Executive Summary

  • Beginning early 2020, the global COVID-19 pandemic has impacted almost every person on the planet. But it’s also impacted businesses in ways nobody ever predicted.

  • According to the Cyber Security Breaches Survey 2021, almost half of all small UK businesses identified cyber security breaches in 2020 as the world struggled with the growing pandemic.

  • In this article, we’ll explore the precise impacts of the pandemic, the way businesses operate, and the knock-on effect these changes had to embolden a certain sub-set of cyber attackers across the world.

Introduction

There’s been a lot said about the impact of the global pandemic: on health, on the economy, on travel, and more.

But one area which hasn’t received much of the spotlight — despite representing a significant threat — is the effect the COVID-19 pandemic has had on cyber security.

While the whole world has been impacted, in this article we’ll focus on the place we know best: small business in the UK.

According to the Cyber Security Breaches Survey 2021, 46% of small and micro businesses in the UK suffered a breach of some sort during the height of 2020.

But why has cyber security suffered so badly? And what should you be looking out for as a business? How best can you protect your own data and maintain security?

Let’s address all of these questions.

Why did the pandemic impact cyber security?

While the global pandemic was — and still is — primarily a health crisis, it has truly highlighted how interconnected our world really is.

The spread of the virus had a few immediate effects, particularly as lockdowns came into force in many countries, including the UK during March 2020. (We were even there to help businesses adapt quickly to these changes).

According to figures released by the ONS, national lockdowns meant that, during April 2020, at least 46.6% of UK workers did at least some work from home. Of those 46.6%, a whopping 86% did so directly because of the COVID-19 pandemic.

The near-instantaneous move to home working was one of the key precipitators of the jump in cyber attacks.

But why? There are a few theories.

In the early days of the pandemic, before businesses were able to strengthen their cyber security policies using strategies like BYOD, many employees used their own computers or laptops. Without security controls in place, company data was often only as secure as employee’s personal devices.

In addition to the use of personal devices, companies that previously relied entirely on in-person or on-site IT support departments may have found themselves less able to respond quickly to potential threats, meaning successful breaches became more likely. This is one of the reasons that our IT support agreements include comprehensive remote support services.

Finally, it’s very likely that cyber attackers across the globe were spurred on by the simple fact that, after March 2020, there was simply more opportunity. With so many people – even those who’d never spent much time online before – now staying at home, the number of people spending time on the internet skyrocketed. It’s not a huge leap of logic to understand why cyber criminals might want to capitalise on these numbers using tactics such as phishing and malware distribution.

The rise of the pandemic cyber threats – 3 real-world examples

The reasons for the unprecedented increase in cyber attacks and other cyber security threats should be fairly clear at this point — but now let’s look more closely at the real-world consequences of these changes on businesses.

Consulting firm Deloitte has carried out some detailed research on the impact of COVID-19 on cyber security, and we’ve curated some of the most compelling examples of how businesses have been affected:

  1. Perhaps the most telling statistic to come out of this report is that, during the pandemic, 35% of cyber security attacks used types of malware which were new or unique. This is a rise from just 20% of new scams before the global crisis.

  2. Phishing attacks, a form of social engineering which relies on fooling unsuspecting victims, usually via email impersonation, became much more commonplace. According to the research, 47% of people fell for a phishing scam while working from home.

  3. According to the UK’s Action Fraud Reporting Centre, victims had already been taken for a total of £11 million via coronavirus-related scams – and that was only by July 2020. The figure now will be orders of magnitude higher.

How businesses can improve their cyber security in a post-2020 world

We’ve covered a lot of data and statistics here which may be sobering for any small business – but there’s some good news, too.

Another revealing statistic in the Cyber Security Breaches Survey 2021 is that 87% of businesses had some form of up-to-date malware protection in place during 2020. That said, it also states that this number has now dropped to 83% in 2021, so there’s still some room for improvement.

As an IT support company working with clients up and down the UK, we’ve seen plenty of different responses to the global pandemic – and we know a little about what works… and what doesn’t.

With that in mind, here are our tips for improving your cyber security protection as we move past the pandemic and back into the big wide world:

  • Ensure staff are properly trained on cyber security fundamentals. As we’ve seen, phishing and other social engineering attacks are often to blame for breaches. To alleviate this risk, it’s a good idea to train your employees on the most up-to-date cyber attack methods, as well as anti-phishing best practices.

  • Deploy a secure BYOD policy. If your employees are using their own devices, you should improve your security by implementing a BYOD policy as mentioned above. You might also want to consider taking things further with an MDM solution.

  • With novel cyber attacks on the rise, consider an EDR platform. Traditional antivirus, including Microsoft Defender, is the absolute baseline for cyber protection – but you can go further. Consider a solution like Endpoint Detection and Response, which is able to identify and address attacks in real-time, before the damage is done.

  • Get your company Cyber Essentials certified. If you’re serious about data security, one way to solidify that is by becoming certified by the government’s Cyber Essentials program. Not only will this help you better understand the threats, but it’ll also show potential customers that you’re serious about cyber protection.

Is your business ready for the road ahead?  

The areas we’ve covered here are a great starting point for small and medium-sized businesses in the UK. Bolstering your cyber security measures now is the best way to proactively protect your company should we face yet another global-scale event like the COVID-19 pandemic.

Of course, we’re all hoping never to see such disruption in again in our lifetimes – but forearmed is forewarned. If you’d like to discuss your company’s approach to cyber security, look more closely at an EDR solution, or ensure your security policies are tough enough – our expert IT support team is here to help.

Call our team of IT pros today on 01865 59 4000 for some expert advice, or just scroll down and fill in the form below so we can get back to you.

Latest From The Blog

Cyber Essentials is changing (again) in 2025. But there’s good news.   

Cyber Essentials is changing in 2025. Get up to speed on the key updates, including passwordless authentication and vulnerability fixes.

Microsoft 365 Copilot Release Roundup: August, September, October 2024  

Discover the latest updates for Microsoft Copilot released during August, September, and October 2024.

What's new with the Windows 11 24H2 update?

Here’s a Get Support guide to the latest Windows 11 24H2 update, including what matters most for small businesses.