By Usman Rabbani Oct 22, 2020
Although digitally-enabled remote working prevented global business from grinding to a halt at the start of the coronavirus pandemic this year, the world is simultaneously witnessing a dramatic rise in cyberattacks. With sprawling corporate networks distributed across employee’s homes, networks, and devices, never before has there been so many possible points of attack for malicious actors to exploit.
Cyber criminals haven’t wasted their opportunity: Between January and March, the number of phishing sites grew by 250%1 while the global number of publicly disclosed cyberattacks increased by 41% between Q4 2019 and Q1 20202. COVID-related phishing emails increased by 667%3. Recent ransomware attacks at Garmin and the University of California at San Francisco have underlined the importance of securing data and research.
Cyberattacks are unfortunately nothing new, but in our new normal we’re seeing a step-change in the scale and variety of attacks. As Covid-19 pushes more activities online, this threat will only continue to evolve as data, devices, and distributed working proliferate. As the United States and Europe observe cybersecurity month this October, organisations on both sides of the Atlantic will have much to reflect on how they can enhance their online security given the scale of this new challenge. No one can be complacent, and no one is immune. There are a variety of threats we’re all exposed to, from malware attacks to data breaches. But regardless of the nature of the attack, there are a few best practices businesses can apply to significantly improve their security posture.
Understand the new landscape
Defining the nature of the new threats is the critical first step to understanding how to address them. Each company will no doubt have their own unique challenges. There are, however, commonalities that all businesses should be aware of and closely scrutinise.
First, the more distributed the workforce is across offices and homes, the less likely it becomes for individuals to follow the proper protocols to secure their activities online. But it’s not only employees that companies have to worry about: many employees share their devices and home networks with other family members including their children, creating an additional vulnerability for malicious actors to attack.
Second, cyberattacks are correlated with social unrest: the more unrest in society-at-large, the more susceptible businesses are to their employees becoming cyberthreats. 2020 has undoubtedly been a year of social tumult across the world and companies must remain vigilant to this risk.
Finally, although the rise of artificial intelligence (AI) has been an asset for cyber protection, bad actors are likewise deploying AI to find new vulnerabilities and vectors to attack. All of these trends point to the need for companies to have a more rigorous view of their device footprint, and for companies to rethink how to secure these access points across networks.
Elevate cybersecurity to the board level and appoint a Chief Information Security Officer
Whilst the pandemic has accelerated the digitalisation of businesses, cybersecurity should become a board-level priority to keep ahead of the threat of cyberattacks. As one of their first measures, board members should work with the CEO to appoint a Chief Information Security Officer (CISO) who will play a critical role in helping organisations build and enhance their security posture. This not only applies to a company’s applications, systems and networks, but CISOs establish and carry the culture to ensure everyone in the organisation is aware of their security responsibilities. A CISO also crucially alleviates the rest of the executive team from worrying about cybersecurity, allowing them to focus on the company’s business objectives and growth.
Recognise the low hanging fruit and act on it
While the process of reevaluating and revamping an organisational approach to cybersecurity may take some time, companies should address issues of basic security hygiene that can rapidly enhance network safety. Conducting regular external network penetration tests, as well as holding frequent training on cybersecurity with staff should become the norm to ensure the company can be immediately aware of where it’s most vulnerable.
These are the first steps to protect against the most virulent and elusive cyberthreats. But what’s also clear is that we need a new generation of innovators to provide enterprises with comprehensive solutions to protect against devastating cyberattacks, as remote working and widely distributed corporate networks are the reality for the foreseeable future.
This is one of the reasons why KKR recently invested in ReliaQuest: to accelerate the growth of a company tackling the cybersecurity challenges of 2020 and beyond. ReliaQuest is at the forefront of the cybersecurity industry – providing customers a software platform, called GreyMatter, and a team of highly trained cyber analysts, to deliver dramatically improved security effectiveness and efficiency. Ensuring ReliaQuest and our other cybersecurity portfolio companies Optiv, KnowBe4, and Darktrace, continue to scale, will be critical to help meet the exponential demand for security solutions. Worth $173 billion in 2019, the global cybersecurity market is set to grow to $270 billion by 20264.
Like many companies, we’ve recognised the need to be constantly working to ensure we’re a step ahead of bad actors. That means businesses need to conduct regular internal reviews of their security posture and complement it with the best external expertise to further identify any vulnerabilities. Only through doing so will we be able to rise to the challenge of ever-changing cyberattacks and secure our networks to ensure business continuity.
1. Google transparency report; transparencyreport.google.com/safe-browsing/overview
2. McAfee Labs; COVID 19 Threat Report; July 2020
3. Capgemini Research, Boosting cybersecurity immunity: Confronting cybersecurity risks in today’s work-from home world; April 2020
4. Australian Cyber Security Growth Network; Sector Competitiveness Plan - Chapter 1; 2019