Adil Harchaoui has seen just about every way a business can leave itself vulnerable to a cyber attack. Two months ago, however, the founder of Reno-based Nevada IT Solutions (NVITS) double-clicked an attachment from a prospective client that made him do a double take.
“Their office manager sent us a spreadsheet of every single password they had ever created,” said Harchaoui, noting the importance of using encrypted password management tools instead of recording sensitive information on easy-to-hack documents. “It had everything from their LinkedIn profile (password) to their Instagram to their Charter-Spectrum access … pretty much everything under the sun.
“It was very shocking. We’re in an era where mistakes like this could be deadly — it could be the end of your business.”
He’s not kidding. From ransomware to phishing emails, cyber attacks have surged 63% since the coronavirus pandemic shook the global economy in March, according to the Information Systems Security Association (ISSA).
And if that stat doesn’t keep business owners and CEOs up at night, consider this: In Q2 of 2020, COVID-related attack detections increased by a staggering 605% compared to Q1, according to a report by antivirus software company McAfee, which reported observing an average of 419 new threats every minute during the second quarter.
“The impact is huge because the pandemic has exposed a lot of flaws that businesses, especially small businesses, are having,” Harchaoui said. “A lot of businesses are not really equipped with the whole working-from-home thing.”
GOING BEYOND ‘TRADITIONAL IT’
The WFH movement has magnified cybersecurity threats for practically every company, many of which have scrambled to expand virtual private networks (VPN) and remote-work capabilities, said Tim Averill, chief technology officer of BlueHat Cyber, a Reno-based cybersecurity company.
Suddenly, company data was crossing Wi-Fi networks with passwords named after family pets while working professionals share devices with teenagers learning algebra over Zoom or playing Fortnite with their friends.
This, according to Webroot, has resulted in the number of unsecured remote desktop machines jumping by more than 40%.
In other words, the pandemic has created “more targets” for cyber attackers who have even “more time on their hands” during shutdowns, said Averill.
“And people don’t know how to deal with it, especially if they don’t have trained security people on their team,” he continued. “You have to have a mature program in place; you’ve got to have controls that go beyond the perimeter of the corporate network. A lot of smaller companies are not going to have that kind of maturity level.”
To that end, Harchaoui said many small businesses are more susceptible to getting hacked because they have a misconception they are “too small” and don’t implement the IT security industry standards.
COVID-19, however, is slowly forcing many companies to shift their cybersecurity practices from reactive to proactive, he added.
“We’re having conversations with clients we never thought we were going to have,” Harchaoui said. “They were resistant to business continuity disaster recovery, they were resistant to implementing certain security practices. And now, they said, ‘my friend, another business owner, got hacked or got breached.’
“We’ve added more clients this year than last year because businesses are being a lot more serious about security. Traditional IT is no longer going to cut it.”
SURGE IN CYBER DEFENSE DEMAND
As a result, NVITS has seen its revenue rise 20% compared to last year, said Harchaoui, noting an increase in demand for everything from cloud-based services to running phishing scam simulations.
BlueHat Cyber has also seen a boost in business as companies add tools to fend off attackers and keep workers online. Averill estimated the Reno-based company’s revenue is up 30%-40% this year.
He pointed to the fact America’s mass exodus to remote work has led to a rise in demand for cloud services, which tend to provide more digital flexibility for companies. In fact, Averill said BlueHat is “backlogged” with new clients waiting to get on-boarded to the firm’s cloud.
“We do hosted virtual desktops,” he said. “It facilitates secure work-from-home with high levels of security. It’s by far the most secure way to handle work-from-home — or work-from-anywhere, for that matter.”
In fact, cybersecurity firms that offer cloud services are seeing a surge in demand across the globe. Investment in security for cloud-based services is forecast to increase by more than 30% this year, according to Gartner.
In all, cybersecurity spending, mostly by companies and governments, is on track to grow about 9% a year from 2021 to 2024, when it’s projected to hit $207 billion, Gartner says.
HIGH COSTS, LOW WORKFORCE
For many businesses, though, increasing spend on cybersecurity services is challenging, notes Shaun Rahmeyer, administrator of the Nevada Office of Cyber Defense Coordination.
After all, many company have drastically cut costs in order to keep their lights on as the COVID crisis batters the economy. And governments, which already had their 2020 fiscal budgets allocated prior to the pandemic, had to put projects on hold to cover the security costs of addressing the crisis, Rahmeyer wrote in an email to the NNBW.
What’s more, citing a McKinsey & Company statistic, he said 70% of security executives believe their budgets for 2021 will shrink.
“As a result, new investments to safeguard organizations are expected to be limited, creating a direct path to organizational information security,” Rahmeyer said.
Compounding the problem? There remains a severe cybersecurity skills shortage.
In late 2019, there were 2.8 million professionals working in cybersecurity jobs around the world, according to GovTech. The industry, however, needs another 4 million trained workers in order to properly defend organizations and close the skills gap, GovTech says.
That includes a half a million unfilled cybersecurity jobs in the U.S., and nearly 3,000 such openings in Nevada.
“While firm statistics have not been identified in the pandemic era, the demand for even more cybersecurity professionals has likely increased,” said Rahmeyer, who is also an advisory board member of the University of Nevada, Reno’s Cybersecurity Center. “Organizations are now dealing with remote workforces that continue to increase in size and sophistication. As the world becomes more reliant on technology, organizations will be forced to increase their demand for cybersecurity talent or risk the consequences of a catastrophic cyber incident.”