Back
Cyber Security Training & Software for Companies | MetaCompliance

Products

Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters

Back
Industry

Industries

Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 


Financial Services

Creating A First Line Of Defence For Financial Service Organisations

Governments

A Go-To Security Awareness Solution For Governments

Enterprises

A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives

Back
Resources

Resources

From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

Back
MetaCompliance | Cyber Security Training & Software for Employees

About

With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Leadership Team

Meet the MetaCompliance Leadership Team

Careers

Join Us and Make Cybersecurity Personal

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

MetaBlog

Stay informed about cyber awareness training topics and mitigate risk in your organisation.

The Next Global Crisis: A Cyber Security Pandemic

cyber security pandemic

about the author

Share this post

It is widely accepted that the next world war will be a hybrid war seeing businesses and governments targeted by cyber-attacks, subversion and espionage. Amid the ongoing COVID-19 pandemic and everything becoming connected, intelligent and automated, it’s highly likely that the next global crisis will include a catastrophic cyber security pandemic.

There is no doubt that the threat from hostile nations such as China, Russia, Iran and North Korea is growing. As more systems are connected to the internet — including critical national infrastructure (CNI) such as water and electricity which rely on supervisory control and data acquisition (SCADA) systems — the possibility of a cyber-attack causing real-life damage becomes frighteningly real.

The threat of an attack on CNI first became clear a decade ago, when a worm known as Stuxnet caused significant damage to Iran’s nuclear programme through a major cyber-assault. And who could forget the WannaCry crypto worm, which in 2017 ravaged systems across the world with ransomware, in an attack believed to have been perpetrated by North Korea taking advantage of the NSA’s EternalBlue exploit.

Hailed by cybersecurity firm Avast as one of the broadest and most damaging cyber-attacks in history, WannaCry hit organisations including the UK’s NHS, rendering vital equipment such as MRI scanners useless, resulting in a bill of £92 million in lost output and IT costs.

Cyber Security Pandemic in an Increasingly Digital World

Amid an acceleration in the use of digital automation over the last five years, the risk of a major cyber-event even worse than WannaCry is growing. Organisations are taking advantage of transformative technologies such as artificial intelligence (AI), internet of things (IoT) and 5G.

And during the COVID-19 crisis, the move to digital has accelerated further. To survive right now, every business needs to be digitally-enabled, and this has seen transformation programmes accelerate. It is by no means a bad thing, but it has opened up more avenues for adversaries to attack.

Everyone is using cloud and businesses are increasingly relying on video conferencing services such as Zoom and Microsoft Teams each day. Employees are often connecting from home, on possibly insecure devices, utilising their own networks.

As more employees work from home, there is also more potential for cyber-attacks perpetrated by insiders — whether accidental or intentional. Take, for example, the recent Twitter hack that saw the accounts of prominent politicians, celebrities and technology moguls compromised to scam people around the globe out of more than $100,000 in bitcoin.

It was soon reported that an insider was responsible for allowing the attack to happen by helping the perpetrators to gain access to an internal dashboard meant only for Twitter employees. This had apparently allowed criminals to take over accounts by changing their associated email addresses without their knowledge.

The Twitter attack was targeted and financially motivated, but it could have been much worse and more widespread if malware was involved.

Nation State Attacks

For organisations operating in the sectors that comprise CNI, the threat is even more elevated. Russia, China, North Korea and Iran have growing capabilities that they are not afraid to use to attack the West.

The West has its own capabilities — Stuxnet is believed to be the work of the US and Israel — but there is reason to believe nation state adversaries are planning attacks on the UK and its allies. For years, countries including Russia have conducted “sight-seeing” trips to probe for weaknesses in CNI for a possible future attack.

The issue with CNI stems from the fact the SCADA systems on which many power stations and electrical grids are based were never meant to be connected to the internet. And last year, a Ponemon Institute report revealed that 90% of critical infrastructure providers’ IT/OT environment had been damaged by a cyber-attack over the past two years.

Read more: Iran’s Cyber Attack Timeline

Disconnecting from the internet is a good idea, because manual operations offer more control and lower the risk. This was a key factor in reducing the damage in 2015 when Ukraine’s power grid suffered a cyber-attack and disrupted the country’s electricity supply.

Governments are aware of the threat they face from cyber-assaults such as these. EU wide legislation in the UK as part of the NIS Directive intends to help keep the essential services comprising CNI secure.

But within hybrid warfare, cyber-espionage is another area of risk. A new BBC report details how the government is working to stop adversaries such as Russia and China taking advantage of the COVID-19 pandemic to launch cyber-attacks and espionage against the West. And a few months ago, the UK’s National Cyber Security Centre (NCSC) warned Russia is trying to steal COVID-19 vaccine information.

At the same time, the Government’s new proposed Espionage Act is one measure being considered to try and counter the  fast-evolving threat from hostile nation states.

Cyberwarfare and Keeping the Lights on

Combined, these threats offer a perfect storm of complexity that lays the groundwork for all-out cyber war. This might start, for example, with an attack on the electrical grid to cut power to the UK. A devastating assault like this could stop organisations — including critical organisations such as healthcare — from operating, literally costing lives.

As the likelihood of a major cyber-event increases, it’s important to be prepared. From a business and organisational perspective, the only way to stop or limit the risk of a cyber pandemic is by embedding a culture of cyber awareness into people’s work and personal lives. It requires education and training, which should be updated regularly to reflect the threats all organisations face from malicious actors including nation states.

Another key part of preparing for the possibility of a cyber pandemic is incident response. As well as ensuring data backups to help mitigate ransomware attacks, analogue back up such as a telephone is essential.

So in case the worst does happen, don’t throw away analogue phones. Of course, there is no need to stop using voice-over IP (VoIP) but many organisations including local authorities have shut off analogue, and that’s a mistake. The time to make change is now. The COVID-19 crisis wasn’t on any business’ agenda, but it still happened. Organisations should think the same way about a cyber security pandemic: A big cyber-event is possible — even likely — so it’s integral that everyone is prepared.

Webinar: COVID-19 – Digital Transformation and Cyber Security

Join us for our upcoming webinar, ‘COVID-19 – Digital Transformation and Cyber Security‘ September 23rd | 15:00 BST | 10:00 EDT | 07:00 PDT.

The Next Global Crisis: A Cyber Security Pandemic

Other Articles on Cyber Security Awareness Training You Might Find Interesting