What causes change in business practices? Innovation and reaction: the two are not mutually exclusive by any means, but these are the driving needs behind the evolution how business can be safely conducted.
Over the past couple of years there have been several factors that have influenced changes that we have all had to make:
1. The big obvious one is COVID-19. The workforce that could, went home, and the rest took a lot more of a cautious approach to everyday activities. Decreased contact and exposure to others among many other things.
2. Increased hostility from certain countries and in turn, their state-sponsored cyber warfare / crime organisations.
3. In reaction to the vulnerabilities brought about in point #1 above, an increase in the number and activities of commercial cybercrime organisations.
Point #1 changed many things, not least it increased the risk of cyber attack as people working from outside of the office are at a distinct security disadvantage. This increased vulnerability led cybercriminals to become quite innovative; seeing the opportunity to “make hay while the sun shines”, they set about making money.
It turned out that this was very successful, so successful in fact that there has been quite a boom in this nefarious sector, with new cybercriminal organisations popping up all the time to partake in the easy money. This growth in the market, led to those that develop the tools used by cybercriminals to have larger budgets to make more and better tools. In short, this sector is getting very good at what it does.
The line between organisations mentioned in points #2 and #3 is a very blurry one, as frequently both will use the same tools and to similar ends. The main difference is which targets are selected. The state sponsored organisations aim to maximise hassle for other states or for key organisations that take a stand against them, whereas commercial organisations only care about maximising the return on their investments and efforts. Both types are very scary and should be taken very seriously.
From the point of view of a cybercriminal there are two differences between a large and a small business:
1. The potential amount of money that can be made. This is something that over the years, they have got very good at working out: what is the highest amount that the victim is likely to pay in a ransomware attack for example.
2. The ease with which an attack can be conducted.
Bigger businesses have more to lose so they have better defences, sometimes just about impregnable to all but the most determined and clever cyber criminals. This means that their time is often better spent going after smaller companies, where the victims might not have properly woken up to the threat yet. Sure, it’s less money but it is so much easier and so much quicker.
To tie this up, the fallout from recent events has left the world in a cyber arms-race. Either your business tools up with professional help, or waits to become a victim: the odds are increasingly not in your favour if you choose to do nothing.