Although companies of all sizes are increasingly confronted with cyber attacks, too few have a strategy for cybersecurity.
If 2020 was exceptional in terms of global health, 2021 will have been the year of the explosion of cyber attacks on companies of all sizes.
Since the start of the health crisis, cyber threats have increased by 400%.
A cyber security strategy is still too often lacking.
Humans themselves are the weakest link in cyber security.
Around the world, attackers are setting up four main vectors to attack an organisation's environment:
- identity theft
- exploitation of vulnerabilities
Globally, ransomware increased by 13% to 25% of all compromise incidents, while the supply chain was involved in 62% of incidents.
Among the main targets of cyber attacks, security specialist CheckPoint lists:
- education and research
- government and military sites
- communications groups
- IT service providers
20% of IT managers have experienced a fraud attempt originating with a teleworker (with a sharp increase since the generalisation of teleworking).
2 in 3 companies have experienced a fraud attempt and 1 in 5 have experienced more than 5 attacks.
33% of companies that have experienced fraud have suffered a loss of more than €10,000.
82% of security breaches are caused by human error, with telecommuting, spam , information not deleted on old devices are the culprits.
94% of cyber attacks are triggered by an e-mail.
In Belgium the pandemic can be seen as a driver for cybercrime. Social engineering, spam a& phishing, and lost or stolen devices were among the top three cybersecurity incidents.
Among companies, 70% of the incidents were deliberate and related to the increase in homeworking during the pandemic.
Moreover, these companies often have only basic protection (such as antivirus software), but no anti-spyware or anti-spam software or a firewall.
Only 20% of companies are protected by a security professional, while 80% leave their IT security to their managers or have not appointed a manager.
On the other hand, the use of backup is increasing (+56% compared to 2020), indicating that SMEs are aware of the risks of a cyber-attack.
However, only 8% of companies have encrypted computer data, which makes confidential data and passwords vulnerable to hacker attacks.
Another concern is the distinction between private and professional life. For example, almost 60% of employees have already shared a password with an external person via the company's internal Wi-Fi, and more than 30% of companies do not delete data from devices that are being replaced.