The Government recently published their 2021 (March 2021) Cyber Security Breaches Survey, detailing the types, frequencies and threat level of cyber attacks on businesses over the last year. The report was dominated by the impact of the COVID-19 pandemic on all aspects of business operations, from increased threat of phishing and scams to issues relating to remote working or employees using their own devices for business-related matters.
A new question which was added to this year’s survey found that 34% of businesses have a Virtual Private Network (VPN), a direct response to the work from home requirements (is this a requirement from HO for Biz to operate?) introduced as a recommended imperative for resilience throughout the pandemic. By contrast, the logistical difficulties of remote working meant that fewer businesses reported having up-to-date malware protection (83% compared with 88% in 2020), and only 78% had set up a network firewall, compared with 83% the previous year.
This highlights that the demands of adapting to a different style of working environment exposed areas of vulnerability in businesses’ cyber resilience strategies, highlighting the need for a more widespread understanding of – and engagement in – cyber services that incorporate the risks of remote working.
As it stands, only 23% of businesses reported having a cyber security policy that also covers home working, with 31% reporting that their business continuity plan also covers cyber security – another new question for the 2021 survey. The pandemic has highlighted the urgent need for businesses of all sizes to address their ongoing cyber resilience plans, in order to protect themselves from future incidents that could compromise their security. Cyber attacks continue to be a very real threat to businesses, with 39% reporting that they’d experienced a cyber security breach or attack in the last 12 months, and 27% of those saying they experience them at least once a week, with phishing and impersonation the two most common incidents.
The three most common challenges presented to businesses as a result of the COVID-19 pandemic were identified as:
· Direct user monitoring, which made it harder for employers to catch and deal with cyber attacks.
· Making changes to hardware and software, due to the fact that staff were working remotely which created more endpoints to keep track of.
· Stretched resources and competing priorities due to the impact of the pandemic. This included challenges posed by a lack of time, reduction in personnel, more focus on business continuity as a priority and a lack of understanding around cyber security issues.
With many organisations considering a more “blended” approach to working environments post-pandemic, it is crucial to identify the areas where they are most vulnerable to attack and ensure that they have taken the appropriate steps to protect themselves and their employees.
Businesses who are struggling to know where to start when it comes to implementing a new cyber resilience measures (or bolstering an existing one) can contact their regional Cyber Resilience Centre for guidance. The new network of Cyber Resilience Centres established by national law enforcement, supported by the Home Office are live and there to help micro and small business and third sector organisations in particular.
From free Core Memberships to affordable baseline services, as well as a way to find Trusted Partners offering Cyber Essentials Plus Certification, each CRC across the UK has been established specifically to help SMEs and sole traders become more cyber aware and cyber resilient.
Visit our Network page to find a Centre near you.
You can read the full Cyber Security Breaches Survey 2021 here.