Overview:
“The whole landscape changed, and effectively we have considered the pandemic a ‘zero-day’ exploit globally. The biggest shift has been that threat-based approaches are no longer sufficient. We have to take a risk-based approach - non-traditional in today's cybersecurity industry – particularly because the increasingly connected landscape demands it.”
The COVID-19 catalyst
“Step aside CTO, CIO, and CFO. COVID-19 joined the C-suite in 2020, leading change as companies were forced to rapidly set up remote work environments and enable digital customer experiences. Any thought of a paced and strategic digital agenda was tossed aside in favour of survival. Perhaps your company rapidly transitioned to the cloud. Under time and cost pressures, you executed a ‘lift and shift’ approach, quickly moving existing architecture to a new cloud environment.
“You may now believe that this strategy, necessary as it was, brought considerable security disadvantages and perhaps offset the many benefits of the cloud. Or, your organisation weathered the pandemic, but the board is now calling for more innovation; maybe urging deployment of artificial intelligence (AI) to inform smarter decisions. Change seems constant, and it is.”
Aon’s 2021 Cyber Risk Report: Balancing Risk and Opportunity Through Better Decisions
It has been well over a year since the World Health Organisation declared COVID-19 a global pandemic. In March 2020, as we left the office, none of us knew that we would not be returning in any major capacity until at least mid-2021. Organisations were thrust into a state of emergency; working from home was the only option to keep the lights on - leaving many with little choice but to prioritise digital change over everything else, including security.
While the world struggled against COVID-19’s stranglehold, one sector was primed to capitalise on the opportunity the pandemic posed. Cybercrime’s exploitation of this rapid shift in the digital landscape is evidenced by the sharp uptick in the volume and severity of cyberattacks, including ransomware incidents, coupled with supply chain and support vendor vulnerabilities. The current environment poses a real risk to the mid-market: “58% of the attacks that happen in terms of numbers actually target our SMEs, so they are a key risk. They're the engines of our future digital economies,” Dr Jacqui Taylor says.
She continues, “The pandemic effectively brought an additional billion people online; the whole work-from-home movement meant that the one set of people who were prepared were the criminals. Across all of our digital economy, we had to handle that.”
Preparedness has been an ongoing theme for the London Work, Travel, Convene Coalition, and organisations have shared their experiences of how they coped in the COVID-19 early days. Aon Programme and Change Manager Ted Winterbottom says, “Were we prepared for disaster recovery? Yes, we were very well prepared. Some protocols had been tested to a degree. In terms of working from home, the technology supported us well. We had been encouraging people to work agilely within parameters. However, no one anticipated a business continuity event as dramatic as it was.”
With the global vaccination rollout well underway, we must now prepare for a new phase of recovery. As organisations embark upon their Smart Working journey and return to the office in some capacity, many remain ill-prepared for the financial impact of a cyberattack, including crisis, defence, liability and regulatory expenses, and business interruption loss.
Nevertheless, the majority of the cyber threats organisations face are not new – connected devices, ransomware, and insider risk will be ever-present. But what is new is that COVID-19 has systemically altered how we conduct our businesses, and the zero-day event (that was the pandemic) has moved the level of risk forward exponentially.