With many of us stuck inside our homes, a pandemic like COVID-19 is an apt opportunity for hackers to strike. But even as ample awareness takes place, the average consumer doesn’t care about security as much as they should. Why is that? In a word, convenience.
Take Zoom. Remember those few days where almost everyone reported about Zoom’s many security issues? Governments and tech giants publicly banned employees from using the software. Yet, there seems to be no slowdown of Zoom meetings. Even media platforms that reported about Zoom’s security issues continue to use the software publicly. Times like these, convenience is so important. Particularly when it involves technology.
In Zoom’s case, the value offering as a means of convenience far outweighs the cons for the normal user. When you’re trying to make a living amidst a global pandemic, you would want technology to make things easier for you.
But this isn’t unique to Zoom or COVID-19. Even Microsoft Teams, a competitor to Zoom, was vulnerable enough that company data could have been stolen by a simple GIF. One might think that something of that nature will entice users to tread carefully in the online space. Unfortunately, that isn’t the case.
Cybersecurity has long been a concern in the general domain. But cybercrime has been on the rise during the past few years. In a 2019 report, Accenture estimates a whopping $5.2 trillion in cybersecurity-related costs within the next 5 years. The question is, why are we still lagging in addressing cybersecurity? It's part ignorance, part unawareness, and part unaffordability.
Cybersecurity is a luxury many small companies can’t afford
Much of the reported security breaches are from large corporates. Why? Because security breaches in large companies translate to massive numbers, usually in millions either in data or dollars (or both). Although this often brings in much-needed attention, it doesn’t always reflect the full picture. The smaller organizations’ side is hardly given enough attention.
Large scale security breaches may prompt big companies to be proactive towards cybersecurity. But unlike the big corporates, smaller companies do not have the muscle to pull through. Cybercriminals know this and target such companies as a result.
According to CNBC, 43% of online attacks are aimed at small businesses. However, only 14% are equipped to handle such attacks. On average, cyberattacks cost businesses around $200,000, an almost six-fold increase Year on Year. As a result, 60% go out of business in 6 months following a cybercrime incident.
It isn’t surprising given the actual costs of a cyberattack. The losses include the financial damage of the attack itself, the effect on a company’s brand value and goodwill, investigation expenses, legal fees, etc. All this tally up to unbearable costs for small businesses.
Even in such a scenario, businesses still continue to underestimate the threat of a possible cyberattack. As per Keeper Security’s 2019 report, almost 66% of 500 leaders of SMBs believe a cyberattack is unlikely. Essentially, this leads to a lack of planning for cybersecurity across the board. Companies end up without a cyberattack prevention plan, a security policy. Leaders may not even have an idea of where to start with cybersecurity. This issue trickles down from the management to every single individual in a company.
Lack of awareness
When companies as a whole downplay the importance of cybersecurity, it's hard to make the case for individuals. If the company doesn’t care enough about security, how will employees? This is where the cybersecurity issue starts to propagate at an individual level.
The same Keeper Security report states that 73% of SMBs under $1M in revenue believe they are unlikely to face a cyberattack. “We are too small, too new, too unappealing to be targeted” is a sentiment that draws parallel among the general audience as well.
The idea that one’s digital activities are uninteresting enough for an attacker to ignore, is a misguided notion. If anything, putting your guard down in the digital space makes you a far more likely target.
But unlike companies, security at an individual level need not be a comprehensive plan. Maintaining one’s security starts with simple tasks like updating your passwords and your software. Of course, there are practical issues. For example, we use so many services online that it has become practically impossible to change passwords often. But the problem also bleeds into the fact that consumers don’t care enough to pay attention.
Remember WannaCry? Out of the 150+ countries affected, England’s National Health Services (NHS) was one of the hardest hit. But the extensive damage could have been easily avoided if computer systems were kept updated in the first place. With the vast number of products and services we use every day, there are bound to be security vulnerabilities. Its important that users are attentive enough to update systems.
Security needs to be part of the design process
Speaking of systems, part of the responsibility also falls on the service providers too. As the Zoom scenario demonstrates, it's not uncommon to see cybersecurity as a compromise for convenience. When UI/UX takes precedence, security takes a backseat during product development. It only takes priority as a reactive measure rather than a proactive one.
For products and services to work at an optimum level, security needs to be part of the design process. After all, the current situation is only amplifying the need for secure products and services. Many people from around the world are trying to achieve normalcy through the comfort of their homes. This means that people, whether tech-savvy or not, are heavily reliant on technology. It should not be as simple as sending an emoji to crash your phone.
It's up to all of us
At the end of the day, it's up to all of us. More people get tech-savvy by the day. But that still hasn’t stopped cybercrime from rising on a global scale. The current pandemic situation is only fueling this trend.
Thereby, as individuals its vital that all of us take extra precautions when engaged in the digital space. It can be as simple as changing your password or updating your Windows OS. But it could very well safeguard your digital privacy.