Chapter 1
A changing world
Opportunistic cybercriminals
The COVID-19 crisis has caused a major shift in the digital landscape. Working at home has become the norm, while digital tools have often been the solution for business owners to keep their business going. Unfortunately, it seems that cybercriminals are ever opportunistic and have made use of the crisis and uncertainty to attack organizations in an even more targeted way.
That’s why 2020 was a record year for ransomware attacks, where hackers paralyze companies and organizations and then demand a ransom. There was also a noticeable increase in the number of phishing attacks in the past year. Most people are simply less vigilant when they work from home instead of in a secure business environment.
Cybercriminals take advantage of this. Moreover, cybersecurity wasn’t initially the priority for many businesses. Many business owners were mainly concerned with keeping their business going. Cybersecurity wasn’t the first thing they thought of.
Cyber incidents
59%of organizations were the victim of a cyber incident last year. (EY Global Information Security Survey)
Budget increase for cybersecurity
53%of organizations increased their budget for cybersecurity this year. (EY Global Information Security Survey)
In-house cybersecurity
50%of businesses operates its IT security in-house. Their own expertise and the belief that the costs of outsourcing outweigh the benefits are reasons not to switch to an external IT partner. (UNIZO Limburg, research report 2020)
Chapter 2
Impact
Thousands of attacks a day
Cyberattacks are now commonplace, and cybersecurity does need to be high up on the priority list. Big companies and organizations’ IT systems sometimes suffer thousands of attacks a day. They continuously have to fend off attacks. These attacks come from all over the world and are also becoming increasingly targeted. Whereas cybercriminals previously largely launched broad attacks – in the hope that someone would walk into their trap – they are now often aimed at specific people, for instance the person within a company responsible for financial matters. Targeted attacks like these are becoming more common and turn out to be much more dangerous.
The complexity of the cyberthreats means that organizations need to arm themselves on a number of levels: both technically and organisationally, with a good grasp of what their crucial data is, what their priority business processes are and how they have to apply these measures to ensure optimum safety.
Almost ten years ago, a cyberattack mostly wouldn’t really have much operational impact. At most, the IT environment went down for a day or two. Operating activities carried on as usual, albeit less efficiently. Today, a targeted cyberattack paralyzes whole companies and organizations. After all, technology has increasingly become a fundamental part of core business processes and services. Automation fully connects production environments with digital tools to remotely control machines and installations. This fact hasn’t escaped the notice of cybercriminals either. Not integrating cybersecurity into operating activities means waiting until a hacker pulls the plug.
Four forms of cybercrime
- Phishing: victims are mostly lured via an email to a fake website that is a copy of a real website. They unsuspectingly log in there, giving their login details – and also often their bank account details.
- Spear phishing: a very targeted phishing attack on an individual, a company or an organization.
- Ransomware attack: hackers install ransomware in the company’s IT systems and thus shut down all business and production processes. The cybercriminals then demand a ransom to unblock everything.
- CxO fraud: a version of invoice fraud where attempts are made to get people to send money to the scammer’s bank account. The scammer pretends to be a CEO or another high-level director at a company.
Related article
Chapter 3
Running a business with cybersecurity
Not just for multinationals
Cybercriminals don’t just have their sights on big companies and organizations. One in five Belgian SMEs has already fallen victim to a cyberattack according to a recent survey by Unizo. Cybercriminals don't care which company they cripple or who pays the ransom. Moreover, SMEs are often suppliers to a lot of bigger companies, which means a cyberattack on an SME can be the gateway to the multinationals they work for. SMEs are often part of a broader supply chain. That's why it's important that they can also show their customers that their services are secure against cyberattacks, for example in order to ensure business continuity and deliveries to customers.
A continuity plan versus a recovery plan
The cyber continuity plan comes into play as soon as a company or organization is hit by a high-impact cyberattack. This is a backup plan to keep essential services running, after, for example, a ransomware attack. The recovery plan comprises the various steps necessary to restore normal activities after an incident. A company or organization needs to think about this in advance. At the time of the attack, it's too late.
Chapter 4
Priorities
Cybersecurity as a cornerstone of the digitalization process
Many SMEs are, however, still unaware of the dangers. Their priority is growth, but they don't always realize that cybersecurity is a crucial factor to guarantee growth. That is precisely why the Flanders Agency for Innovation & Entrepreneurship (VLAIO) set up a guidance program for SMEs. It means they can obtain external advice and support to increase their maturity regarding cybersecurity. The Flemish Government selected nine service providers (including EY) for this, each of which has developed a specific course.
Read more about EY’s offering for Flemish SMEs (in Dutch)
The courses cost between €25,000 and €50,000, 45% of which is subsidized by the Flemish Government. In order to remain competitive, a lot of SMEs are focusing on digitalization, both internally and for the services they offer. But anyone who digitizes becomes vulnerable to cyberattacks and must incorporate cybersecurity as a building block of the business.
The priority of SMEs is growth, but they don't always realize that cybersecurity is a crucial factor to guarantee that growth.
Chapter 5
Where to start?
Analyze the weak spots
Companies that want to increase their cybersecurity first need to gain a good understanding of their own weak spots. The analysis forms the basis for a strategic roadmap encompassing all the priorities and the steps, tools and financial resources needed to achieve the intended level of cybersecurity. It primarily depends on the priorities on the basis of the risk, cost and impact of an intervention.
The specific action plan will differ from one company to another. But there are a few concrete priorities that come up again and again:
- Raising awareness about the risks among employees, specifically including employees in financial services (for example to avoid invoice fraud)
- Addressing the use of weak passwords and striving for strong authentication
- Identifying which IT systems and technologies your core activities depend most strongly on so that these can be given priority
- Making use of ethical hacking or red teaming to test the robustness of your IT and technology environment.
- Expanding computer security incident response (CSIRT) capacity in order to detect attacks and stop these early before they’ve had a major impact.
- Training management in dealing with a cyber crisis and writing a solid continuity plan.
- Ensuring that cybersecurity is an integral part of new projects and initiatives
How EY can help
Cybersecurity, strategy, risk, compliance and resilience
EY Cybersecurity, strategy, risk, compliance and resilience teams can provide organizations with a clear picture of their current cyber risk posture and capabilities, giving them an informed view of how, where and why to invest in managing their cyber risks.
Read moreService leader
EY Belgium Technology Consulting Partner
Newsletters EY Belgium
Subscribe to one of our newsletters and stay up to date of our latest news, insights, events or more.
Summary
Cyberattacks have become commonplace, and cybersecurity does need to be high up on the priority list. Cybercriminals don’t just have their sights on big companies and organizations. One in five Belgian SMEs has already fallen victim to a cyberattack according to a recent survey. Companies that want to increase their cybersecurity first need to gain a good understanding of their own weak spots.
