EasyJet, CapitalOne, British Airways and Marriott are all huge companies with equally large budgets. Another thing they have in common is they all fell victim to a serious data breach, costing them hundreds of millions of pounds. If the major players with a lot of resources to devote to cyber security still get hacked, do SMEs with limited budgets stand a chance? It’s a dramatic question, so let’s explore the answer.

In 2018, the world’s trust was shaken. That year, it was revealed that Cambridge Analytica had furtively harvested data left exposed by Facebook. The information of over 87 million individuals was exploited to assemble voter profiles and customise the distribution of political advertisements in the run up to the 2016 US Presidential Election as well as Brexit.

Covid-19 is causing myriad challenges for businesses, with remote working, diverted priorities and a general scramble to maintain business-as-usual operations. This is unprecedented in UK industry, and presents a range of challenges and opportunities. In particular, hackers now have more time on their nefarious hands and a whole host of new targets in front of them, in the form of a large number of working-from-home employees.

Many organisations are acting to prevent the spread of Coronavirus by allowing their employees to work from home. In order to be able to do so comfortably, and without introducing a component of risk, businesses should follow certain best practices that can guarantee their digital assets are just as secure with a remote workforce as they would be in-house. Unfortunately, cybercriminals have already started to take advantage of this pandemic.

The past sixteen years have witnessed a staggering growth in the cybersecurity industry. With a global market worth of $3.5 billion in 2004, this figure mushroomed to $120 billion in 2017. It is now predicted to surpass $1 trillion by 2021. Alongside this growth is the upsurge of demand for cybersecurity talent, of which there is a severe shortage with an expected 3.5 million unfilled positions in a year’s time.

A modern dynamic business needs to be proactive about their cyber security. A data breach can be costly, with latest estimates said to be (on average) £3.18 million, and reputational damage can be even harder to recover from. Hackers can strike at anytime from anywhere in the world, which means businesses have to be on guard 24/7. This is where the Security Operations Centre (SOC) comes in.

Throughout the year, we have conducted hundreds of penetration tests. 20% of all tests contained a critical to high flaw. We define a critical issue as a flaw which poses an immediate and direct risk to a business. Having a critical flaw in an app or network will leave you vulnerable to a costly, reputation damaging data breach. Among these, default or poor passwords, as well as access control issues make up a large portion with outdated software being the worst offender.