13% of SMBs have already experienced a cyberattack since the COVID-19 pandemic began

More than one in five also acknowledge transitioning to remote work without a policy, according to an Alliant Cybersecurity report.

Why critical infrastructure is vulnerable to cyberattacks
2:38

Nearly one in seven senior decision makers said their organization has already experienced at least one cyberattack since the start of the COVID-19 pandemic, according to a new report by Alliant Cybersecurity.

Furthermore, more than one in five (22%) said their organization transitioned to remote work without having a clear policy to mitigate or prevent cybersecurity threats, the report said. Additionally, 17% said their organization is at an increased risk for a cyberattack and 12% said they would not know how to respond to one, the company said.

"These senior decision makers are vastly underestimating the opportunities for hackers to capitalize on the increased spread of information via cyber channels," said Rizwan Virani, president of Alliant Cybersecurity, in a statement. "With so many businesses rapidly switching to remote work for the foreseeable future, we are facing unprecedented vulnerabilities, especially for small- to medium-sized businesses lacking telecommuting experience." 

SEE:  Cybersecurity: SMBs are keeping up with big companies, according to Cisco survey (TechRepublic)

People responsible for the well-being of businesses across the country need to take a step back and reassess their internal capabilities to protect sensitive information, Virani said. "At the end of the day, these findings clearly showcase the need for businesses to take the offensive, and not remain complacent in what may be a defining moment for cybersecurity resiliency over the next 12 months." 

The mad dash to an unknown world of telecommuting

As cities across the US have gone into lockdown due to the coronavirus pandemic, there has been an unprecedented flight to remote working in industries that have either little or no experience with this workflow, he said.

Of those organizations that have transitioned operations to virtual/remote working since the outbreak began more than half (52%) either did not allow for regular remote working at all before coronavirus, or only made occasional exceptions, according to the report.  

Even with their lack of prior experience, respondents have high levels of confidence that their organization is working to mitigate potential cybersecurity threats and attacks, Virani noted, "begging the question, is this confidence unfounded or backed by plans and initiatives?"

Respondents were also asked about leadership confidence in mitigating cybersecurity threats. The findings were:

Very confident–45%
Somewhat confident–45%
Not very confident–7%
Not at all confident – 1%

While respondents feel confident in their cybersecurity competency, "upon further scrutiny, many are missing the necessary actions to protect their business," Virani said.
 
"Many senior decision makers simply haven't come to reality with their cybersecurity capabilities," he said, citing the fact that only 10% said they're scared it's only a matter of time until their organization experiences a cyberattack.

The future of secure remote work

Social distancing measures could stay in place until 2021/22, Virani noted, meaning virtual work will continue to remain in place and businesses must consider how to combat threats immediately.

In terms of what actions to take, respondents said their organization needs to:
 ·         Invest more in cybersecurity: More than a fifth (21%)
·         Create a response plan to a cyberattack: Almost a quarter (24%)
·         Be better prepared to handle a scenario like this in the future: Almost a third (30%)
·         Implement clear remote work policies to secure our business from cybersecurity threats when remote working: A quarter (25%)

"Investment in cybersecurity can often feel like a daunting task for small business owners but it's not something that can be overlooked," Virani said. "Only around a tenth (13%) of respondents felt they needed to hire a cybersecurity expert, which is far too low when we see companies of all sizes falling victim to hackers on a daily basis."

Cybersecurity must be a paramount component of any business–whether it be completing cyber risk and resilience reviews, cybersecurity training and awareness programs, or at a minimum, developing operational policies and procedures for data security, he said.

The online survey of 507 senior decision makers at companies with 500 employees or less occurred between April 7-13, Alliant Security said.

Also see

cyberattack.jpg