The year 2020 has accelerated growth in every sector in digital dependence. On and off lockdowns have fully pushed students towards online education, employees working from home, and consumers to rely on ecommerce. Global internet usage surged 35%, the largest annual increase from 2013, and with online migration a strong increase in online threats, arrived. Cyber-attacks increased by 400% since Covid-19 began, and the National Cyber Security Centre revealed that 25% of hacks in 2020 were pandemic-linked.
The NCSC launched its campaign called Cyber Aware to inform businesses and consumers about cyber-security risks and how they should prepare for cyberattacks if these should they occur. One single cyberattack creates a domino effect of risks for organisations and individual victims. Stolen personal information is used by hackers in many criminal ways such as accessing bank accounts, opening new bank accounts and taking out e-loans in the names of victims. They may also make fraudulent purchases, transfer funds from compromised accounts, and use data to contact victims, duping them into handing over money directly, or access to bank accounts.
SIGNIFICANT BREACHES IN 2020
In mid-January 2020, Marriott International experienced its second massive data breach, two years after the earlier one was revealed. This affected 5.2 million guests with hackers procuring login credentials of two staff members, using credentials to access guest details, including names, dates of birth, phone numbers, and loyalty account numbers. One cyber-attack creates a risks domino effect for victims. The targeting of Zoom users reflects the long-term repercussions of cyber theft, and the importance of avoiding use of oft-repeated login credentials across multiple platforms, employing stronger passwords, and responding proactively to data breaches. More recently, Google suffered a significant cyber-attack in December 2020. To hack into Google requires massive effort and the quantity of compromised data which remains unknown. Specialists believe that a rogue State agency is behind the attack.
A COMPLACENCY CRISIS?
Frequent data breaches, suggests corporate “breach fatigue”, where management understands cybersecurity risks but passively accepts incidents as inevitable. Marriott, a two-time offender of serious data breaches, highlights this apparent indifference. One Ransomware Attack Cost £45m to fix and an activist watchdog could encourage companies to step up their data protection duties. The ICO faces criticism over dispensing fines, as in Marriott’s 2018 incident, just £18.4 million was fined instead of the original £99 million fine. The British Airways fine of £20 million in October 2020 instead of the original sum of £183 million. Both fines were significantly reduced, and such huge climb-downs could reduce the dissuasive effect meant to be produced. Apart from fines, organisations that breach the GDPR face significant compensation pay-outs. BA faces pay-outs of up to £3 billion @ £6,000 average claim for the 500,000 victims. Data breach compensations must reflect the impact on victims to account for emotional, financial, and psychological damage. Action Fraud, UK reported that cyber scams in 2020 resulted in losses of £16.6 million during the first lockdown. All interest groups must ensure that the 2020 serious cybersecurity lapses are not replicated again.
LOOKING TOWARDS 2021
The public’s confidence in online resilience needs improvement after 2020 due to major data breaches. It is critical for businesses/ consumers to re-focus on high cybersecurity standards in 2021. With very high stakes and ever-sophisticated attacks, 2021 should prove to be a turning point for cybersecurity.