Cybersecurity has remained a hot topic in 2019, and for good reason – there is a hacker attack, somewhere in the world, every 39 seconds. Closer to home, almost two-thirds (61%) of British firms have reported a cyber incident in 2019, according to research from insurer Hiscox. That was up from 45% the year before. Not only are businesses at risk of losing their own – or their customers’ – data, it’s costly to be hit by a hacker attack and the stakes are even higher now GDPR is in force. What’s even more alarming is the fact that most companies still aren’t prepared enough to deal with a cyber security breach, and even those that are must continue to invest in this area as the industry is ever-evolving, with cybercriminals becoming more and more sophisticated in their techniques. With all this said, it seems certain that security will become increasingly important as businesses look to 2020 and beyond – but what do the experts predict will happen? Here are some insights:
SMEs are particularly at risk
There is a misconception that small businesses are safe from the hackers because it’s not worth their time to go after SMEs when big, corporate companies have so much more valuable data. The reality is that 43% of cyber attacks happen to small businesses, and Steve Kingan, CEO at cybersecurity specialist Nexor, believes this figure will only continue to rise. He says: “There are multiple factors contributing to this, small businesses are less likely to have dedicated cybersecurity resources to protect their businesses and more likely to be reliant on outsourced suppliers and software for their IT needs, which introduces possible supply chain vulnerabilities as well as infrastructure configuration weaknesses. They are also less likely to have an adequate cybersecurity budget, resulting in weakened security coverage.”
Craig Barnett is the founder of Wisit, which helps firms protect their IT infrastructure by providing a fully managed IT service. He agrees that SMEs need to take the risks more seriously if they’re going to protect themselves properly, “if you are using the internet for business, then you are at risk from cyber fraud. This isn’t just a worry for big corporates. If you are an SMB or a freelancer working alone using Google Docs or a similar cloud-based system, then you too are at risk. The threat is real and constantly changing so that even the most ‘savvy’ amongst us can be tricked into giving out passwords or unwittingly giving access to finances, data, sensitive client information, or even your own payroll.
“The majority of small companies only invest in cybersecurity after the horse has bolted as we tend to live with the ‘it will never happen to us’ attitude and we turn a blind eye to something we simply don’t understand. We would all understand zero access to systems and a several million-pound ransom! The time to invest in cybersecurity is now.”
Investment in cybersecurity will rise…
Earlier this year, a report from Business in the Community (BITC) revealed that 30% of small businesses don’t have any cyber security strategies at all. Steve Hanna, co-chair of not-for-profit organisation Trusted Computing Group, reveals experts expect cybersecurity spending to increase around 9% every year for the indefinite future. He says: “Businesses are always improving their cyber defences, but the problem is hackers also constantly expand their arsenal for cyber attacks. This is a classic arms race and it moves quickly. Neither party can afford to rest on their laurels, or they will fall behind. One of the biggest problems for small businesses in particular is that they can’t afford to spend as much on cyber security as larger businesses. A way to ease this imbalance is to hire a managed security service provider who can supplement your in-house defence capabilities.”
James Hopper, chief operations officer at cybersecurity firm SRM, adds: “I do see companies investing more in their information security resources in the future in the form of regular penetration testing, forensics and business continuity work. And this is because, quite simply, the risks associated with not taking cyber security seriously are becoming greater all the time.”
…but businesses are still falling at the first hurdle
Darren Hockley, managing director of eLearning company DeltaNet International, says: “Whilst it’s true that some hacking practices are scarily complex, you may be surprised to learn that the number one cause of data breaches for businesses is still not very futuristic at all – it’s weak and stolen passwords. Think about this: a simplistic password, e.g. a memorable word or phrase, follows easily-identifiable sequences that hacking software (available for sale online to even the most unskilled cybercriminal) can crack in seconds. Compare this to a strong password; one that is at least eleven characters long and that contains upper and lower-case letters, as well as numbers and symbols, which would take the same software somewhere around 500 years to crack.”
Darren believes staff training could make all the difference when it comes stopping hackers in their tracks. He adds: “Without continuous awareness training to keep threats fresh in our mind, it’s all too easy to become complacent and fall into the criminals’ trap. This is particularly true at organisations that only offer training annually, or, worse, just once during induction.”
It’s hard to predict what’s next – even for the experts
James Hopper says it’s hard to know exactly what’s to come in 2020 and beyond. “Predicting the future of cybersecurity and, by association, the future of cyber threats, isn’t always easy. The information security landscape is changing constantly and we are faced with new challenges on a daily basis. One thing we do know is that the exposure to threats is increasing at a rapid rate. As we plug in more and more technology to the workplace, including the use of smart devices and IoT, the opportunities that present themselves to hackers are only set to increase over the next decade. Cyber security may seem like a distraction from day-to-day operations, but it’s become clear that we must now refer to attacks in terms of when and not if.”
That said, the general consensus is that phishing attacks are on the rise. Ben Griffin, director of IT recycling and data destruction firm Computer Disposals Ltd, states: “Going forward, phishing scams will remain one of the most prevalent types of cyber attack that businesses need to be aware of, as well as the risks associated with using mobile devices interchangeably across different networks for both business and personal use. Businesses must educate their personnel about the risks of these attacks in particular, and ensure that their network is closely monitored to prevent rogue devices leaving gaps in their overall security.”
Other experts believe the rise in artificial intelligence (AI) is a “double-edged” sword; on one hand it will help businesses to identify attacks quicker than ever before, but on the other it can be harnessed by the hackers to find commonplace vulnerabilities to exploit.