Head of Operations & Customer Experience
University campuses in 1980s America were a breeding ground for a new type of threat: the cybercriminal. From Fred Cohen who wrote a programme in 1983 while studying at the University of Southern California that seized control of a computer’s operations, to Cornell student Robert Tappan Morris who almost brought down the early internet when he inadvertently executed the first Distributed Denial of Service (DDoS) attack in history - a costly mistake that saw him become the first person convicted under the US Computer Fraud and Abuse Act 1986.
Fast-forward over three decades and the evolution of cybercrime from academic pranks to sophisticated and coordinated assaults on our private data has given rise to the world's biggest criminal growth industry – it is estimated that global cybercrime costs will reach $10.5tn annually by 2025, up from $3tn in 2015. The proliferation of cyber-attacks has been given further traction by the Covid-19 pandemic – and yet most businesses and their customers remain underprepared for this very real threat.
The worst public health crisis in modern history presented an opportunity for cybercriminals to cash in on escalating uncertainty amid large-scale remote working, increased online activity and heightened stress levels. So these nefarious opportunists got busy doing what they do best: developing themed attacks to fit new trends and circumvent new controls - and the result has been eye-watering for individuals and businesses alike:
- Email scams related to Covid-19 surged 667% in March 2020 alone - when the pandemic blindsided society.
- More than 11,000 UK-government-themed phishing campaigns were taken down in 2020 – over double the 2019 total.
- UK businesses faced a 20% rise in cyber security threats in 2020.
- Web application attacks against UK businesses were up 800% in the first half of 2020.
- Ransomware attacks against UK businesses increased by 20% in the first half of 2020.
The current landscape
From targeted attacks that use Covid-19 as bait to its power to transform the way we work, the pandemic has reshaped the cybersecurity landscape by expanding the amount of virtual ground that needs safeguarding.
Enforced homeworking has precipitated a new flexible working model that has become the norm. Consequently, the number of internet-connected devices is expected to balloon from 31 billion in 2020 to 75 billion in 2025. Not only is this facilitating convenient hybrid working opportunities; it has opened the backdoor to cybercriminals who have a much larger attack surface to target – and social engineering is typically their weapon of choice.
Phishing remains the most common cyber threat faced by businesses in the UK - a trend that has been amplified by the pandemic. For example, the bogus Covid-19 tax refund email directs targets to a fake government website, where they’re prompted to enter their payment information to receive the refund. Having compromised the data, the cybercriminals use it to access the victim’s personal finances. According to a recent survey, 47% of individuals fall for phishing scams while working at home.
Amid the onset of the pandemic, UK businesses were in the firing line of an unprecedented number of cyber-attacks. With resources depleted during this testing period and businesses in full survival mode, many lacked the resources to combat cybercrime in 2021. For example, security controls were not applied to new remote working systems and good practices were overlooked in the rush to achieve homeworking at scale.
The UK government’s Cyber Security Breaches Survey underscores this worrying trend:
- Fewer businesses report having up-to-date malware protection (83% vs. 88% in 2020).
- Fewer businesses have set up network firewalls (78% vs. 83% in 2020).
- Fewer businesses are carrying out security monitoring than in 2020 (down from 40% to 35%).
Perhaps most alarmingly, 84% of businesses say Covid-19 has made no change to the importance they place on cybersecurity.
Benjamin Franklin astutely said: “By failing to prepare, you are preparing to fail” - which rings true when it comes to mitigating the threat of cyber-attacks. Think of professional boxers: they don’t enter the ring hoping their opponent hasn’t put in the hard yards in training; they prepare for battle meticulously. And that’s exactly what a cyber-attack is: a battle between you and the cybercriminal who has targeted your device or business. If you adopt a laissez-faire approach to this sophisticated threat, you might be dealt a jarring blow as they feint their way behind your defences.
The pandemic has brought the importance of adopting a proactive approach to cybersecurity into sharp focus; one that prevents an attack from happening in the first place. You must not be complacent about cybersecurity. Whether you're a business or a consumer, responding reactively to these sophisticated and constantly evolving threats will restrict you to damage limitation - depriving you of the foresight required to remain resilient. So what should you do?
You should treat your digital assets as a proactive business would - otherwise your personal data could be compromised, resulting in financial losses. This means taking the time to do the following:
- Take inventory of your digital footprint: With your personal information scattered across the digital ether, it’s important to think about what’s stored where. Start by answering important questions like: How many websites store your credit card info and how many have an up-to-date card number and expiration date? If you no longer use a particular site, you should delete your account profile.
- Prioritise your most sensitive accounts: You can prioritise your accounts by the sensitivity of the data such as personal financial information and personal health records. By prioritising the most sensitive accounts, you can ensure you implement the necessary security controls.
- Set access control and authentication for priority accounts: Set stronger passwords, change your security questions, implement higher levels of authentication where available and strong privacy settings. Where available, set two-factor authentication (2FA) for applications such as online banking.
- Security patches, providing information online and backing up data: Keep your operating system, browser and other critical software up to date with the latest security patches. Limit the amount of personal information you share online to reduce your digital footprint. Back up your data regularly via an online service and/or offline to an external storage device.
- Have a recovery plan in place should the worst happen: Monitor your accounts for suspicious activity and be vigilant when it comes to suspicious emails and phone calls. Keep a list of important numbers to call in the event of identity theft, so you can report lost or stolen cards immediately.
Don’t expose your business to financial loss, reputational damage or legal action by crossing your fingers and hoping you aren’t targeted by a cyberattack; implement measures that preemptively identify security weaknesses, help you keep pace with rapidly evolving threats and add processes to identify attacks before they happen. To achieve this, your business should invest in developing a holistic cybersecurity strategy that establishes proactive and meaningful security controls and culture. This should encompass:
Homeworking has opened multiple new points of entry for cybercriminals, who have identified vulnerabilities in IT systems due to the widening attack surface - thrusting it to the top of the cyber agenda. Essential homeworking cybersecurity practices should include:
- Antivirus protection: Employees using personal computers should be provided with a licence for antivirus and anti-malware software.
- Cybersecurity awareness: Brief employees on best practices to regulate the sending of emails or other content to private email addresses and/or cloud storage.
- Phishing awareness: Brief employees about remaining vigilant when receiving emails and checking the authenticity of the sender’s address.
- Home network security: Employees must ensure their home Wi-Fi is protected by a strong password.
- VPN: Virtual private networks provide an additional layer of protection to internet use from home.
- Identify weak spots: Run tests, such as vulnerability scanning or penetration testing, to identify weaknesses and patch the most critical vulnerabilities immediately.
- Frequent reviews: Frequently evaluate cybersecurity risk exposure and determine whether existing controls are robust enough amid evolving threats.
- Renew business continuity and crisis plans: Update business continuity plans and consider cyberattack scenarios.
The right strategy must recognise that cybersecurity is not just an IT issue; boards need to consider consumers' awareness and cynicism about how their data is used. Forward-thinking businesses communicate the dangers of cyber threats to their customers by leveraging content marketing channels, creating cyber-focused digital content, using engaging - non-technical - language, leveraging social media and providing step-by-step instructions. Empowered by this information, consumers can be proactive in their approach to cybersecurity.
Employees are a vital layer in the fight against cyber-attacks. This first line of defence must be invested in cybersecurity for it to be effective - and a positive cybersecurity culture will underpin this. According to the European Union Agency for Cybersecurity (ENISA), the cybersecurity culture of an organisation refers to “the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they manifest in people’s behaviour with information technologies.”
A proactive cybersecurity culture is achieved when a business embeds relevant security considerations into employees’ day-to-day actions. Get this right and you will imbue an organic culture that develops from engaged attitudes and behaviours towards cybersecurity.
Clear Currency specialises in helping businesses that operate internationally to save money and execute safe and speedy transactions when making international payments.
Transferring large sums of money into another currency and transferring them overseas can be daunting and confusing. Aware of this, we use our knowledge and experience to cut through the jargon and provide you with a friendly and personal service.
We recognise that it’s impossible to accurately predict how exchange rates will perform; therefore, it’s prudent to plan for all eventualities. In addition to helping you benefit from quick, easy, reliable and secure transfers, your dedicated account manager can mitigate the impact of currency risk on their value.
Your business can’t afford for international payments to be delayed or inflated in price. Therefore, it’s vital that they are made on time and you know exactly how much you will receive once they are executed. This brings the need to protect their value from currency market risk into sharp focus.
Your account manager will work in partnership with you throughout the international payment process. For example, before you make an international payment they can prevent the cost from escalating, so you receive the required amount. Because fluctuating exchange rates make it hard to judge how much you’ll pay at any one time, your account manager can help you execute a forward contract to secure the cost of each payment. This allows you to lock in an exchange rate for a date in the future, securing the price of your payments when the time comes to execute them.
Having secured the value of your international payments, it’s time to ensure they're efficient - after all, you’re going to be making a lot of them. Rather than executing them manually, your account manager can help you automate each transfer around your specific schedule - whether it’s weekly, monthly or more irregular intervals - using a regular payment plan. This vital tool allows you to set up convenient, fee-free automated payments that make managing your finances a whole lot easier.