The pandemic placed immense urgency on businesses to get all kinds of digital transformation projects live as quickly as possible, and that is almost certainly a driving factor behind a surge in attacks, says Peter Klimek, Director of Technology at the cyber company Imperva.
In a study of nearly 4.7 million web application-related cyber security incidents, Imperva Research Labs has found that attacks are increasing, on average, by 22 per cent each quarter.
Klimek says: “The changing nature of application development itself is also hugely significant. Developments like the rapid proliferation of APIs and the shift to cloud-native computing is beneficial from a DevOps standpoint, but for security teams, these changes in application architecture and the accompanying increased attack surface is making their jobs much, much harder.”
Losses relating to fraud and cyber-crime have spiralled during the pandemic; the UK firm points to the National Fraud Intelligence Bureau’s estimate that around £1.3bn was lost in the first half of 2021 alone, more than three times the amount lost during the same period in 2020. These figures suggest that the problem will continue to worsen throughout 2022, the firm suggests.
Klimek added: “Businesses are seeing more traffic through their web applications than ever before, in particular APIs. More than 70 per cent of web traffic now comes through APIs, meaning businesses’ exposure is only getting higher.”
A nationwide study of 2,000 UK employees on the country’s cyber resilience and their own attitudes to security found a lack of awareness towards cybersecurity in the UK, according to a security platform provider, Armis. Despite most, 60pc admitting to having been impacted by a cyber-attack, only 27pc felt they were aware of the associated risks, while one in ten (11pc) admitted to not worrying about them at all.
Andy Norton, Chief Cyber Risk Officer at Armis said: “It’s alarming to think that so many individuals will pay extra to invest in home, car or phone security yet will refuse to protect their online identities. With remote working and so much of ourselves being stored online, individuals risk being targeted in a variety of scams and attacks. To make matters worse, with only one in five people paying for online security, organisations are put at risk of breach as attackers can use individual devices and accounts to gain access to corporate networks.”
Hackers’ approach
As we come out of the pandemic businesses are focusing once again on security and asking more questions about it, says Scott Dodds, CEO of managed services firm Ultima. He says: “Hackers have become more subtle in their approach, hiding in corporate networks for longer, waiting for the right time to attack. Using the latest security tool sets and ensuring the right backups and disaster recovery plans are in place and tested is critical to business survival. How do you provide the right level of behind office firewall while offering flexible working outside the office? Also, we are still seeing too many businesses with simple gaps in their security, for example out of date patching, so automation of security will be key.
“And woe betide those businesses who don’t have the right employee training in place to ensure all staff know how to keep their tech and business secure. Without a two-pronged approach of using the latest security tech and training businesses will remain vulnerable.”
Peter Prahl, SVP International and Digital Cloud for the web hosting company IONOS says that although it has many benefits, hybrid working can create a variety of technical challenges. “With clear education and knowledge gaps within businesses, and companies still managing the impact of the COVID-19 pandemic, it’s a time when many organisations are more vulnerable than ever before.
“With hybrid working creating more complex environments to manage, considering a multiple cloud strategy to address different use cases can be hugely beneficial to not only address cyber-threats but manage sensitive data securely as well.
“An improved cloud strategy can provide scalable, flexible and most importantly secure platforms for businesses. For those unsure where to start, external cloud providers can work with IT teams to put a strategy in place tailored to your business’s hybrid working needs, while offering an extra layer of defence and additional knowledge on ever-evolving cyber threats and legislation changes.”
