As the world began battling a once-in-a-century pandemic in 2020, global companies were caught grossly underprepared for what followed. With remote working and digital tech becoming the default, companies scrambled to adjust, which exposed severe technological vulnerabilities that threatened business continuity.
Cybersecurity has become one of the biggest challenges facing businesses around the world today. The pandemic has set into motion a wave of cybersecurity incidents, the ripples of which are still being felt a year into this so-called “new normal.” As outlined in the 2021 SonicWall Cyber Threat Report:
- By March 2020, cyberattacks across the world doubled.
- In June, mobile phishing increased by 37%.
- During the same month, an unidentified European bank became the target of an 809 million packet-per-second DDoS attack — the largest to hit any network.
- In July, the Twitter accounts of several high-profile individuals, including Joe Biden, Barack Obama, Bill Gates and Elon Musk, were hacked to scam Bitcoin from followers.
- In September, cybercriminals threatened thousands of global organizations across a variety of industries with DDoS attacks unless they paid a ransom within six days.
- December 2020 saw the infamous SolarWinds intrusion, which industry pundits say had the most significant impact of any cyberattack in American history.
The SonicWall Cyber Threat Report for 2021 also highlights key cybersecurity trends from 2020: While malware attacks went down by 43% (perhaps due to limited visibility as the global workforce worked remotely), this drop coincided with record or near-record highs in other forms of attack. For instance, ransomware increased by a staggering 63% over 2019, intrusion attempts increased by 20% compared to 2019 (year-over-year attacks in Europe quadrupled), and IoT malware skyrocketed by a whopping 66%.
Research by Bain & Company near the end of 2019 found that executives at several corporations overrate their cybersecurity effectiveness and lack the strategic capabilities essential for a robust posture, with only 25% of companies following cybersecurity best practices. Given these findings, the exponential increase in cyberattacks once COVID-19 hit should come as little surprise.
Asia, a Fertile Ground for Cybersecurity Breaches
Even before the novel coronavirus disrupted businesses, only a handful of organizations, particularly in Asia and India, had the robust cybersecurity capabilities required to combat growing attacks. The pandemic has invariably expanded that risk multifold, given the shift in work patterns and operating models. The region is rife for cybercriminals to thrive (some reports suggest that Asia is 80% more likely to be targeted by hackers) due to poor cybersecurity awareness, growing cross-border data transfers, weak regulations and low cybersecurity investment.
Yet another report suggests that India witnessed the second-highest number of cyberattacks in Asia-Pacific in 2020 (second only to Japan), and accounted for 7% of all cyberattacks seen in the region.
And the data from the 2021 Cyber Threat Report supports these findings. For example, while Europe saw an average of 21% more encrypted attacks in 2020, in Asia, year-over-year totals increased by a mammoth 151%. Ransomware, too, saw a mind-boggling 455% spike in Asia.
Besides the lack of IT security-related awareness and limited budgets, the skill gap in the cybersecurity domain is another impediment faced by businesses in the region. And this gap continues to widen, with many cybersecurity experts constrained by the lack of career development and training offered to them and little strategic planning by organizations when it comes to cybersecurity.
The Road Ahead
Building a robust, viable cybersecurity system takes more than technology. It also demands long-term commitment and developing an array of strategic capabilities. While companies rolled out remote working security measures that included VPNs, endpoint protection and advanced authentication, they could not fully mitigate the inherent weaknesses in WFH models.
It is vital to continue ongoing measures such as continuously evaluating and adjusting technology standards, providing security awareness training to employees, and maintaining a security baseline for WFH. It is also essential for businesses to reassess and stay on top of their security capabilities as they modify operations for the post-pandemic world.
Over time, the cybersecurity business gap will continue to grow, threats will become more oblique, and skilled staff will be increasingly harder to find. It is vital for businesses to bridge the gap now, lest they fall victim to a cyberattack. Knowledge and business insights from assessing research and trends can alert you to the threats out there, but to become a truly robust and secure organization, cybersecurity should be a central pillar of your IT strategy supported by solutions that can identify and prevent sophisticated threats.