There is nothing quite like adversity to bring people together. If anything positive can come out of the tumultuous time we’ve had since Covid-19 changed our lives, it’s the reminder that when the going gets tough, people come together, help each other and have the courage to face challenges stronger together. And this also applies to the field of cybersecurity.
As Covid-19 started to sweep across the globe much of the world was preoccupied, quite legitimately, with the threat of a deadly virus. At the same time, busy cybersecurity professionals were bracing themselves on a very different front line. Already in high demand tackling an ever-growing threat landscape, they were suddenly looking at a tidal wave of potential risk as the world pivoted at speed to remote working.
Overnight, the solid ‘walls’ built to protect enterprise technology systems fractured into tiny pieces and spread far and wide as employees took their work IT equipment home to connect to their home networks. Protected by varying levels of security, employees unintentionally expanded an organisation’s security perimeter with the sole purpose of ‘getting the job done’ the best they could.
By March last year, just as lockdowns were coming into force in the UK, cybercriminals had already started to incorporate references to COVID-19 into a range of campaigns to catch people at their most vulnerable.
Pre-empting a dramatic shift in threats, those at the leading edge of the cybersecurity front line came together. As detailed in the latest Sophos 2021 Threat Report, Sophos chief scientist, Joshua Saxe put out a call on Twitter to rally the industry to come together and as a result, more than 4,000 security analysts formed the COVID-19 Cyber Threat Coalition (CCTC).
After all, quick responses come with the territory and the cybersecurity industry is not shy about forming strategic alliances against a common threat, which is just as well. The Sophos report revealed that during 2020, the industry saw greater sharing of ransomware code between adversaries, with analysts discovering that some ransomware groups were appearing to work more in collaboration than in competition with one another.
Keen to capitalise on the threat and cost of downtime, ransomware threat actors pushed the limits of what they can extract in a ransom attack, with the latest Sophos report revealing that the average ransom pay-out in the just completed quarter totalled the equivalent of $233,817.30, payable in cryptocurrency, whereby that figure was just $84,116 a year ago.
Threat actors also targeted critical education and health institutions, even hospitals already fighting the medical front line. It is reassuring, therefore, that investments in security and privacy are at an all-time high across public and private sectors.
According to the latest Harvey Nash / KPMG CIO Survey, security has become the top technology investment priority for CIOs and for the first time in the survey’s 22-year history, cyber-security expertise topped the list as the most in-demand skill set.
Late last year also saw the Government decide that there is strength in unity when it announced a £1.5bn investment in the creation of a National Cyber Force to aid the UK’s ability to fight large scale cybercrime. Described as bringing together critical capabilities from across government, the NCF has been positioned as a force for good that will combine the individual strengths of Strategic Command, GCHQ and SIS under one unified command to protect our national security.
As we enter a new year that, unfortunately, appears to deliver more of the same, there continues to be a collective feeling of reflection on a year just gone that has tested all manner of personal, professional, offline and online boundaries. While the testing environment continues to provide fertile ground for cybercriminals to act, there is hope in the unity it has also fostered. In the cybersecurity world, it is promising to see greater collaboration between those fighting on the digital frontline together, harnessing an even greater sense of purpose to share intelligence and keep us all safe.
Let’s hope the industry can keep this passion for unity going as we progress through 2021!
— Katie Owen, Associate Director and enterprise tech specialist