The term ‘cost-of-living crisis’ has now gone through all the stages of existence of an overused expression. Emerging in early 2022 as a way of describing a set of financial and economic circumstances – from rising energy rates and food costs to travel price hikes – it soon became favoured, then commonplace, and finally, ubiquitous in business as well as personal conversations.
It might now be redundant and even unnecessary to say that we are going through a cost-of-living crisis, but the reality is entirely unchanged. Throughout the UK, many are still battling with the untenable increase in expenditure and will likely continue to do so until the second half of the year.
With the enduring financial predicament and the possibility of a recession looming over us, businesses must prepare for and adapt to the implications of the situation. An obvious negative outcome is the rise in business costs and narrowing profit margins, but there are other, less straightforward consequences organisations will have to face. Cybersecurity, for example, is an area that is extremely vulnerable to financial volatility of this kind – and one where any setback can have serious repercussions. Let’s explore what the risks consist of and how organisations can defend themselves.
Higher costs = more vulnerabilities
One of the self-evident reasons behind the increasing number of successful cyber incidents is the tightening of cybersecurity budgets for most businesses. Higher energy costs and lower revenues amid the economic crisis mean that businesses have fewer financial resources to devote to the exploration and deployment of new cyber solutions.
Because of the constantly evolving nature of cyberattacks, protective measures need to be updated and tested frequently. Ideally, businesses should also hold cybersecurity awareness training on a regular basis, with attack simulations included, so that employees can be trained to recognise the latest waves of phishing emails and take appropriate action when a breach happens.
With potentially higher staff turnover, early training on cybersecurity and related processes and systems is more essential than ever, as cybercriminals are savvy enough to use LinkedIn to target new employees as the weakest link into any organisation.
Of course, these measures take time and can also add additional costs. For many organisations, this means that cybersecurity falls down the priority list when they need to tighten the belt, resulting in greater vulnerability in the face of cybercriminal activity.
The risk of downtime
Amid times of economic distress, when all eyes are on the bottom line, the consequences of a cyberattack also become more serious. If a breach successfully gets through all the layers of an organisation’s security infrastructure, this can cause the entire system to shut down while security measures are reinstated, and cyber professionals investigate. On some occasions, attacks go completely unnoticed until the attacker shows their hand, by which time any response will become difficult and recovering systems will be a long process.
The financial implications of downtime are always significant, but never more so than in a cost-of-living crisis. Knowing that businesses cannot afford any downtime is a major driver in cybercriminals’ activity, too, specifically with ransomware attacks. Bad actors know they’ll be successful if they threaten businesses with downtime and that businesses will likely pay up just to avoid the dire consequences of a potential breach. This is especially true of industries such as manufacturing, which face a ripple effect of negative implications associated with any downtime. The data backs this up: our latest annual Threat Report found that manufacturing organisations were 56% more likely to be hit by infections than the average business.
Top support for cybercrime: artificial intelligence
In the UK, the cost-of-living crisis has also coincided with the widespread release of large-language models (LLMs) in 2022, with the advent of ChatGPT. Now, many tech giants are working on developing the best form of these AI bots, which can ease the burden of people working in many professions. Unfortunately, cybercriminals are included on that list.
ChatGPT can write malware, encrypt files, and generate phishing emails, creating content which can be used for social engineering attacks aimed at individuals. The most alarming part is not just the accuracy and speed with which AI can create such malicious content, but the fact that it is readily available for everyone to use, and just a few clicks away at any moment. And ChatGPT is not the only form we should be worried about: other generative AI tools can now be used to mimic the voices of loved ones or employers for fake phone calls and video imagery can be created for similar social engineering purposes.
Targeting your investments for the best self-defence
With the emergence of these new and fast-growing tools, and the continuing economic difficulty businesses are continuing to face, it is unlikely that this cyber crisis will resolve anytime soon. But it’s not all doom and gloom: despite budgets being challenged, businesses can structure their cybersecurity spending in such a way that they continue to be protected.
It is a good idea to invest in technologies which harness significant automation, to keep up with the AI-enabled cyberattacks that most businesses are battling. Tools using ML and AI can also take over mundane and time-consuming tasks and allow professionals to laser-focus on the most important decisions.
On a limited budget, making the most of partnerships, such as bringing in external managed security service providers and penetration testers can ease the burden of uncovering vulnerabilities, breach detection and incident response but this needs to be balanced to ensure that the costs of mounting an adequate defence and managing risk can still be met.
With the right mindset and enabled by a strong set of tools, businesses can set themselves up for maximised cyber resilience, and ensure that cybercriminals don’t get the upper hand amid the continuing cost-of-living crisis.