The Cybersecurity challenges every business needs to deal with in 2021
TABLE OF CONTENTS
> Global cybersecurity challenges in 2021
> Cybersecurity challenges in the UK
> Cybersecurity challenges per industry/vertical
> > Cybersecurity challenges in Healthcare
> > Cybersecurity challenges in Retail
> > Cybersecurity challenges in Education
> > Cybersecurity challenges in Fintech
> > Cybersecurity challenges in Cloud Computing
Global cybersecurity challenges in 2021
Historic data underlines how the threat landscape is evolving: according to Capita, the average total global cost of a data breach over the past seven years was £2.75 million. It is crucial to consider these findings and build a future-proof, robust cybersecurity strategy into an SME’s business continuity process.
Interpol has found that cybercrime has shifted from SMEs and individuals towards major corporations, governing bodies and critical infrastructure. Cybercrime had a global cost of around £700B in 2020. Although remote working will continue to rise, pandemic-related phishing scams, as well as Cloud breaches or attacks on the Internet-of-Things (IoT), will dominate the global agenda of cybersecurity issues in 2021. As digitalisation and technological development continue, they will no doubt encourage attackers to devise more advanced ways to disrupt the flow of business.
Cybersecurity challenges in the UK
Hacking attempts have grown by 20% in the past year due to the shift to remote working and the COVID-19 pandemic. Attackers took advantage of this digital transition, which resulted in UK businesses facing an average of 686,961 attempts to breach their security systems in 2020. An analysis from Beaming confirmed an estimated 1,912 per day for 2021, meaning an attack takes place every 46 seconds.
There has also been a growth in surveillanceware during the past year. Forbes discovered that COVID-19 map malware is able to spy on Android users by accessing the phone’s microphone and camera. Downloading legitimate-looking apps to track the virus can give access to hackers operating from dubious locations, from where they can watch users through a smartphone camera, listen through a microphone or steal text messages.
Phishing might not be the number one menace on the business radar, but neither should it be underestimated. It’s common for attackers to pose as a business and contact customers with false information through emails. And as more people connect their devices to company networks to access their communication channels, clicking on a malicious link can quickly escalate and harm corporate systems. The estimated cost of data loss is between £0.96B and £1.44B per annum; for small and medium businesses, the worst-case scenario was £4.3M and £14M respectively.
Cybersecurity challenges per industry/vertical
Cybersecurity challenges in Healthcare
Ransomware attacks hit hardest those industries that hold and handle confidential information or high-value material on corporations or individuals. Healthcare is one of them, and it simply can’t afford to be offline, as downtime can severely impact life-saving care. Healthcare systems like e-prescribing, EHR, practice management support and clinical decision support are among those being compromised by cyberattackers at an alarming rate.
In 2020, the healthcare industry accounted for the largest share of data breaches, with ransomware attacks leading the way. Tenable found that the top two categories experiencing breaches in healthcare were healthcare systems (30.03%) and hospitals (19.11%). Also, 46% of all healthcare sector violations were caused by ransomware attacks.
In 2017, the WannaCry ransomware attack cost the NHS £92M, as an estimated 19,000 appointments got cancelled. The Department of Health and Social Care reported that an estimated £20M was lost during the attack as a result of lost output, with an additional £72M spent on restoring data and systems.
But cybercriminals are not only targeting institutions as a whole. Sky News was informed that, at the beginning of the pandemic, healthcare workers received an email that appeared to be sent from their IT team, with the subject line “ALL STAFF: CORONAVIRUS AWARENESS” and a link attached. The email purported to tell employees about a coronavirus seminar and asked them to click on the link to register their attendance. The link then directed users to a third-party website designed to look like Outlook, where filling out the form handed their personal details to the hackers.
Ireland’s national health service system was also recently brought down across the country, due to a ransomware attack. Following the incident, officials warned that patients waiting for non-urgent care should be prepared for delays. Further disruptions to the system continued for several days, reported The Daily Swig. The country’s Health Service Executive (HSE) confirmed that some of the data was encrypted, but the health system refused to pay the ransomware demand.
Cybersecurity challenges in Retail
In 2020, the business landscape as we knew it changed. Industries across the world urgently had to address newly emerging challenges. But with high-street shops temporarily closing down and moving to the online sphere, the retail sector was particularly vulnerable to cyberattacks and, like a prophecy, the number of attacks skyrocketed.
As recent research shows, 60% of UK businesses experienced a hack in 2020 and could potentially end up losing £5.9 billion through these breaches. This often turned out to be credential theft, in which cybercriminals attempt to get hold of an organisation’s or user’s password to access critical business data. It’s a rather severe threat for retailers, as nearly half of consumers (44%) stated they would stop transacting with a business if it were breached in a cyberattack.
Among the types of attacks the retail sector faces, email phishing scams still wreak havoc on both individuals and businesses. The most common type of scam for cybercriminals is to send promotional emails pretending to be a retailer. As soon as a potential customer opens the email and clicks on a link, malware is installed in just seconds.
AI and machine learning are also continuing to gain momentum. They are often used in cyberattacks to invade networks in more advanced ways. Intricate series of bots guided by algorithms can quickly gather data like passwords or bank log-in details, making this a pressing cybersecurity threat in the retail industry. Data breaches involving leaked information can allow attackers to gain access to Cloud networks to view, copy and transfer data for malicious purposes. Lost data is also a violation of GDPR, which can cause substantial financial harm to businesses.
British lifestyle clothing and accessories retailer FatFace paid a £1.42M ransomware demand to the Conti ransomware gang at the beginning of this year after its systems were successfully hacked. It all started with an employee clicking on a malicious email. Computer Weekly uncovered that during negotiations, the company managed to talk down the price from approximately 213 bitcoin. The company warned that during the attack, both shoppers’ and employees’ details, including names, addresses, bank details and NI numbers, equivalent to 200GB of data, were stolen.
Cybersecurity challenges in Education
The education sector can be an appealing target for cybercriminals. Since February 2021, after students started to return to schools, there has been an increased number of ransomware attacks targeting educational establishments in the UK, including schools, colleges and universities.
According to a report published by BitSight, universities have faced one of the highest levels of ransomware attacks among all industries, more than three times the rate found in healthcare and ten times higher than in finance. Higher education institutions have less control over the devices that connect to their networks, as a laptop brought onto campus by a student can easily impact other systems.
Paul Chichester, Director of Operations at the National Cyber Security Centre (NCSC), said: “Any targeting of the education sector by cybercriminals is completely unacceptable. This is a growing threat and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted.”
“In recent months, RM has seen a marked increase in the number of malware infections in education establishments leading to ransomware demands, leading to some schools, universities and colleges being seriously impacted – losing access to key files and data or being unable to teach for a period of time whilst systems are restored”, said Matt Bearpark, Head of Product for Connectivity and Online Safety at RM, provider of technology and resources to the education sector.
The IT systems of the Universities of Portsmouth, Bedfordshire and Hertfordshire were offline following a recent cyberattack. The issue wasn’t entirely resolved even after six days. It had a significant impact on the universities’ daily operation, including the functioning of computer-based phone systems.
The Harris Foundation – a UK charity organisation that runs 50 schools – has also been struck by a ransomware attack. As a result, its systems were taken offline, putting nearly 40,000 students at risk. The form of ransomware was not disclosed, but the foundation described it as “highly sophisticated” and said that it “will have a significant impact on our academies,” as reported by SiliconANGLE. The incident took place after the UK’s National Cyber Security Centre (NCSC) warned that educational establishments are getting targeted at high speed.
Cybersecurity challenges in Fintech
The coronavirus has also opened doors to numerous opportunities for Fintech companies, but these changes didn’t come without increased risk or susceptibility. Keeper Security discovered that 70% of the UK financial establishments faced cyberattacks in 2020, with 59% of these attacks resulting from conditions brought on by the pandemic.
The number one opportunity for hackers to take advantage of the financial sector is through cloud computing security. Services like internet banking, payment gateways or digital wallets use Cloud-based platforms due to the speed and accessibility they provide. As the Cloud processes a large amount of data, attackers are able to find loopholes in the security systems. This is why it’s crucial to choose a reliable Cloud hosting provider with up-to-date and robust security in place.
Financial institutions and Fintech companies often use third-party services and user-interface applications that allow end-users to fill in sensitive data. These applications, integrated into central systems, are also weaknesses that hackers can use, often disguised as employees or third-party users of the business-critical data.
To verify each user’s identity and keep each transaction safe, financial corporations use multi-factor authentication (MFA): one-time biometrics, alternative device authority or passwords. Cyber attackers are sometimes still able to recreate this data to enter these applications and transfer funds.
Cryptocurrencies have also become extremely popular in recent years and are continuing to gain further momentum. In line with their increasing popularity, they have also established themselves as a significant security risk for Fintech companies. The origin of the money is often unknown and anonymous, and it can be used for money laundering purposes. Cryptocurrencies can also be scams set up by hackers to enter networks, which is why Fintech companies are advised to use specific trading platforms when dealing with cryptocurrency.
Infosecurity reported that currency exchange bureau Travelex was hit by what initially was described as a software virus. Travelex took its systems down and the malware was successfully contained; however, it caused disruptions for several UK banking institutions and their customers. Sainsbury’s Bank, First Direct, Virgin Money, Barclays and RBS were among those whose foreign currency services were affected by the attack. BBC found that the attackers were looking to extract around £4.3M from this incident by encrypting Travelex’s data.
Cybersecurity challenges in Cloud Computing
Instead of an upcoming trend, Cloud computing is becoming the norm for modern-day businesses as a solution for flawless operation. The past year has only strengthened the need for companies to move their valuable data and applications to the Cloud. And the volume of Cloud utilisation is proliferating, with 32% of IT budgets dedicated to the Cloud by the end of 2021. It’s expected to transform more and more organisations. However, it has introduced a host of new security threats and challenges as hackers have also spotted its potential and the Cloud has quickly become one of their main targets.
Given the amount of data being processed through the Cloud, the number one challenge is data breaches. They can cause significant financial and reputational harm to any business and can easily result in loss of intellectual property (IP) and legal liabilities. Azinity found that only 22% of small companies encrypt their databases to protect valuable business data.
Distributed Denial of Service (DDoS) attacks are also on the rise. These are rather sophisticated as they’re designed to overwhelm websites with superfluous requests until they eventually crash and stop responding to user requests. As a result, websites can be unresponsive for hours or even days, causing huge revenue loss, a damaged reputation and customer trust issues.
Besides the many advantages Cloud technology holds for businesses, it can easily be turned into a potential weakness. Organisations can be accessed from anywhere and from any device, but application interfaces used by employees or users are not necessarily the safest. A hacker can easily use insecure endpoints in an attempt to steal data and damage networks.
A DDoS attack hit Bradford Council’s school network earlier this year. The online learning network used by schools across the district suffered daily outages as a result of the attack. It was reported by the Telegraph & Argus that the Bradford Learning Network was down on multiple occasions over the past few months, with the Council describing the threats as “ever-growing.” The main goal of a DDoS attack is to undermine the Internet infrastructure, whether by causing mayhem or simply for revenge purposes.
Cybersecurity solutions that match your business’s needs.
To help combat COVID-19, businesses relocated their workforce from physical locations to the digital sphere. As a result, high-profile attacks worldwide and in the UK took the majority of corporate leaders by surprise. The far-reaching cybersecurity breaches called for strengthened security systems and businesses are now understanding the importance of having an advanced cybersecurity strategy in place. However, as these statistics highlight, investing significant finances would not be wise without proper guidance. Over its ten years of operation, TWC IT Solutions has guided SMEs across a host of vertical markets and successfully solved IT challenges with customised solutions for each client. Here at TWC, we treat each and every one of our customers like our very first. Interested in a consultation? Don’t hesitate to reach out and call us on 08000 248 900.
Social Media Executive, TWC IT Solutions