More data records have been compromised in 2020 alone than in the past 15 years combined. Over the past 12 months, 31 billion data records have been compromised, up 171% from the past year and over half of 55 billion compromised data records since 2005, found Canalys.
Cases of ransomware – a specific type of attack that encrypts servers and data to block access to a computer system until a sum of money is paid – have been on the rise, with the number of reported incidents up 60% compared to 2019. This unprecedented boom in attacks forced organizations across the world to adopt digitalisation without considering the new security requirements that come with online business.
Retailers adopted e-commerce while the hospitality sector turned to new platforms for home delivery, and manufacturers digitized supply chains to improve the accuracy of production lines. Organizations across the globe switched entire workforces to WFH almost overnight. The number of remote-working employees jumped from 31 million before the pandemic, to just under 500 million.
Business Continuity Measures implemented at the expense of Cybersecurity
Money was invested in digital technologies and the cloud to move processes online and adapt to new ways of working. Organizations had to implement business continuity measures quickly in response to the COVID-19 pandemic or risk going out of business. These measures were often at the expense of cybersecurity and bypassed longstanding corporate policies, leaving many exposed to exploitation by highly organized and sophisticated threat actors, as well as other more opportunistic hackers.
“For many, cybersecurity was an afterthought, as they had to focus primarily on staying in business.”
More data records have been compromised in 2020 alone than in the past 15 years combined
The fast-paced digitization of business has opened up many new attack vectors for threat actors to exploit. With employees now accessing company information from many different locations, and more data being stored and processed outside of traditional, office-based IT environments, new security measures are needed.
Yet businesses do not seem to have taken this seriously enough. While investment in cybersecurity did grow by up to 10% compared to the previous year, other priorities took precedence: for example, cloud services grew 33%, while cloud software services grew 20% during the same period. Investment in cybersecurity also compares poorly to the growth of collaboration tools, remote desktops, notebook PCs and even home printing.
In other words, the pace of digital transformation was not matched by sufficient safeguarding of networks against cyber threats. A similar observation was recently made by the head of the UK’s national cyber security centre (NCSC) Lindy Cameron, who reiterated that cybersecurity should be viewed with the same importance to CEOs as finance, legal, or any other important department of the company.
Datasets are getting larger, and organizations are collecting increasingly sensitive information about their customers, either as part of their digital transformation process or to personalize products and services. At the same time, threat actors are becoming ever-more successful, for example using automated bots to drive sophisticated attacks.
Business executives need change their mindset from “if” a breach will affect their company to “when”. “Prioritize cybersecurity and invest in broadening protection, detection and response measures or face disaster,” concludes the report. “This is the stark reality for organization in 2021. For many, it is too late.”