Many companies have been making a clear commitment to protecting themselves against cyber-threats for some time now. Trust and investment in cybersecurity is growing, and the COVID-19 pandemic has only accelerated this trend, mainly due to a full commitment to a digital transformation in operations, distribution and user participation.
The arrival of COVID-19 has had a significant impact on organisations and the way they work worldwide. They have mainly been driven to rely on teleworking, which has significantly increased the use of video conferencing and team collaboration applications. In fact, many companies are evaluating permanent remote working for at least part of their staff, some as high as 30% of their workforce.
Over the past three years, cyber security has continued to grow as the priority trend for many companies, and today they continue to allocate more resources, while increasing the involvement of management teams and making investments that show that cyber security is one of the top priorities.
The companies that had the most stable and mature cybersecurity policies were those where management was most involved in cybersecurity, underlining the importance of management commitment to its implementation. This is reinforced by the macroeconomic uncertainty that is looming with the crisis that originated with COVID-19.
Furthermore, in the last year, the percentage of general benefits that cybersecurity brings to companies has risen from 0.34% to 0.49%, while the percentage of expenditure on cybersecurity in relation to the IT department’s budget has risen from 10.1% in 2019 to 10.9% in 2020. In addition to these figures, the Spanish cybersecurity market will grow by 6% this year compared to 2019, bringing its turnover to 1,381 million euros.
This considerable growth is mainly due to the new global situation in which we find ourselves with COVID-19, and that is that now, this new reality is forcing cyber security to be more proactive, more vigilant and more complete than ever. It is currently undergoing a revolution as these changes in society, technology and the professional world transform the way in which networks and data are organised.
With the advent of telework, many employees around the world have had to move from the office to their homes. These workers are supposed to maintain their productivity and social distance equally, but their dispersion is an obstacle to security.
In addition, more and more companies are adopting cloud-based solutions, and this is not a problem in itself, but when these companies do so in a fragmented way, it places a burden on IT. Organising multiple cyber security products from different providers used to be manageable, but with the advent of viruses and teleworking, this organisation has significantly lower returns, and this can open up a gap in the entire network. Experts say the solution to this comes in the form of SASE (Secure Access Service Edge), a new security model that combines the different functions offered by network and security solutions into a single unified cloud platform, to be delivered as a service without any hardware or devices involved. This new model allows IT teams to easily connect and protect all networks and users in your organisation in an agile, cost-effective and scalable manner.
On the other hand, the arrival of 5G has accelerated and is getting closer. This will have major security implications for businesses, for example, data mining by cyber criminals will occur faster, due to increased bandwidth availability.
The development of new processes and services based on technological advances opens the door to new cyber-risks. That is why the first challenge for companies is the rapid change in IT and the complexities that this entails, while the second is the fact that it is difficult to find cyber security experts who are capable of keeping up with the rapid pace of these developments. In addition, organisations consider it important that their customers see them as responsible for cybersecurity issues, so they believe it is essential that their new products and services, as well as new channels of contact, are fully cybersecure, eliminating all possible cyber risks.
Concern for maintaining data security
In recent years, implementing cloud technology has been one of the main objectives, followed by data analysis, mobile service enabling technology, Artificial Intelligence and RPA.
These technologies are characterised by the importance that data acquires. Having access to customers’ data, both personal and that generated by them through their interactions, is essential for the development of these technologies. And today, data has become a very valuable asset.
As a result, cyber criminals know that data is the most valuable asset companies have at their disposal today, and companies are aware of the importance of keeping this data safe from potential cyber attacks.
Concern about keeping data safe is growing, to the extent that it has been gaining priority in recent years, rising from fifth place in concern in 2018 to third place in 2020, behind access control and protection technology, which in turn also serve to protect data security.
If we talk about SMEs, this concern even comes first, as they are an attractive target due to their lack of resources and preparation to defend themselves against such attacks.
The biggest challenge facing SMEs is the shortage of staff to deal with cyber risks, attacks and vulnerabilities, while the second biggest problem revolves around limited budgets. The third biggest challenge is that companies may not understand how to protect themselves against cyber attacks. With this in mind, it is logical that employees may not be able to identify potential threats or attacks.
This shows that underestimating adequate cybersecurity training can seriously damage a company in the long term. While good training can be a costly investment, dealing with the aftermath of a cyber attack can be even more costly.
Remote access, a new source of risk
The health crisis resulting from COVID-19 has led to changes in many patterns of behaviour in society, especially those related to physical contact.
This is why many users who until now had to go to offices, shops, etc., to carry out any daily procedure, have made the leap to digital services. In fact, for example, in the banking sector, the Nucoro bank estimates that 6 million people downloaded their bank’s digital application onto a smartphone for the first time between 14 March and 14 April; and according to the TSB bank the average number of customers who registered on its mobile application almost tripled in the quarantine; from just over 1,270 to almost 3,480 per day.
Perhaps it can be thought that these downloads and new uses are a temporary necessity but there are already users who say that their new confidence in the digital world has transformed the way they carry out operations, and perhaps this change is forever.
Cybersecurity must reach all departments
The risk of suffering a cyber attack is no longer just a technological risk, but also a commercial one, so cybersecurity must be given sufficient weight and prominence. It must not remain anchored in the IT team, but must go beyond this environment and reach all the departments of the entities. It must be a fundamental part of the lines of action of any department and of any future business plan.
Having a committed management team can help the entire organization focus on the challenge of managing cyber risk while ensuring that adequate resources are allocated.
Cybersecurity technology and service providers are changing priorities to support today’s needs: business continuity, remote working, and planning for the transition to the next normalcy.
The COVID-19 crisis has in many cases accelerated the digital transformation. Users, even the most reluctant, have also begun to adopt uses in which technological innovation is key.
Companies that acted quickly to reorient security to cover remote workers and business continuity during the COVID-19 crisis must now prepare for the future. Such preparation includes determining the allocation of cybersecurity budgets to support additional modifications.
COVID-19 is changing the technology culture and infrastructure of all organisations, both medium and large, faster than any other known event or phenomenon. This means that changes will continue to occur and cybercriminals will continue to take advantage of the increasing dependence on digital tools. Companies that focus on returning to what they had before the crisis will invest time, effort and money in a virtually lost battle.
The pandemic presents an opportunity for full-blown innovation, a dramatic change in perspective and the adoption of secure and resilient operating processes. The intensity and emphasis that an organisation brings to its cyber security strategy will determine whether the opportunity adds to the bottom line or becomes a business disaster.