Mis à jour : janv. 4
The extraordinary year 2020 has certainly shaken the world economy, and cybersecurity has not been sheltered by any means. What effects occurred of the pandemic? Are SMEs better or worse protected against cybercrime ?
Effect #1: the explosion of remote work
Security of infrastructures has been massively challenged by this. Many companies did not start from scratch, as remote work has been an increasing trend for several years now. However the need to move nearly every worker out of the offices has been a challenge for many, and for some smaller companies it also meant moving server locations, when they lost access to rented premises.
Without executing these changes, companies could not function anymore, so there was no other option but use new services, such as remote access and cloud facilities.
A first wave of awareness of insecurity hit SMEs when they realised that the tools and infrastructure they had quickly moved to were not as secure as it should be.
Effect #2: the explosion of phishing
A second wave of awareness of insecurity then hit when phishing emails started arriving at a pace never encountered before, because hackers know their tactics work best in a context of instability and stress : humans have lost some of their landmark guides, lower their guard and accept for genuine many messages they would otherwise consider fake.
Effect #3: attacked where it hurts most
Finally, a third effect increasing the understanding of risks was the result of attacks on hospitals. These were widely relayed in the press, and everyone realised the cyber crime industry was not a marginal phenomenon lead by a few individuals that would pity the state of our health systems, but a real underground economy with no limits and no remorse. At the very end of 2020, attacks again impacted pharmaceutical industry involved in the research for vaccines, and even vaccination centers even though vaccination campaigns are only just starting.
As a consequence of these 3 effects above, we believe 2020 and the pandemic have therefore resulted in a significant increase in the awareness of cyber risks.
Effect #4: balancing privacy with public health
In parallel, privacy was also challenged by these times of national emergency in all nations. Compromises were made, even sometimes with the recommandation by CNIL or other European control agencies arbitrating global priorities: times were not about respecting privacy to the utmost level, but to do all we could to save lives. We all read about the difficulties met by the track and trace applications, in France and in the UK, to name only 2 countries.
This showed that current technology still lacks the built-in capability to easily reconcile privacy preservation and personal data processing, or at least to obtain the trust of individuals that it can actually do so.
Effect #5: the weakening of budgets
Now let’s take a step back and remember these 4 effects above took place in times of urgency, i.e. under time pressure, but also with a general realisation that a profound economical crisis would not be avoided, with no possibility to predict how long it would last.
Do you think that SMEs that has postponed IT security projects, for months or sometimes years, would, in these circumstances of urgency and in the context of saving as much cash as possible in anticipation of a potentially very long period of challenging business conjecture, suddenly decided to fund projects for the security of infrastructures?
Obviously the vast majority of SMEs downgraded even more the priority of security projects.
CyberSecura had decided not to aggressively prospect SMEs to secure their newly challenged infrastructure, being reluctant to exploit this medical and economical disaster, and not solid enough to offer to do it for free. We however stayed visible and worked on securing infrastructures of existing customers and responding to all inbound sollicitations.
However, these sollicitations were rare : the worries of SMEs were about saving cash, bracing for months of hardship to come. Several contracts we were close to conclude with strong SMEs, even ones installed with a dominant position for many years, were, on the contrary, cancelled and postponed to an unknown horizon, still to be reached.
Conclusion: GAIN of protection or increase of exposure ?
Far from any pretension of exhaustivity, I tried to summarise here the 5 effects of the pandemic in 2020 on the domain of security and privacy for European SMEs, from the point of view of a specialist service provider such as CyberSecura.
In order to enhance the security of digital practices by companies and individuals, thereby securing the overall digital economy, 2 major steps are to be taken :
Step 1- Increase the awareness of enterprises and individuals, to the general status of cyber crimes and to the actual risks faced by them and their businesses.
Step 2- Increase the numbers of actions taken by companies and any business stakeholders to enhance the security of businesses and ventures.
The 4 first effects listed above are in the right direction for Step 1. However effect #5 has decreased even more the likelihood of Step 2 occurring, cancelling out the positive effects on Step 1.
As we enter 2021 and vaccination campaigns start, we now hope that the gain of awareness, combined with the rebound of the economy to come, will mean an increase of security projects within the next few months.
We hope global disasters such as Covid-19 will not be recurring in the future, however business stakeholders must realise that contexts of emergency and times of economical hardship always include a rise in cyber risks that cannot be controlled without proper preparation.
Anticipation is the key to enhance the security of all businesses in crisis situation.
Do you want to get informed about the new articles published in our blog ?