ECSC sees a big rise in cyber breaches as more people work from home

Cyber security firm ECSC Group, which counts Barclays and GCHQ among its high profile clients, has reported a big rise in cyber breaches as more people work from home amid the pandemic.

Ian Mann, ECSC's chief executive, oversees operations
Ian Mann, ECSC's chief executive, oversees operations

Ian Mann, ECSC's chief executive, said he was initially confused as to why more companies did not report breaches during the first lockdown last spring, but the firm soon realised that homeworkers were unaware that their systems had been hacked.

"When the pandemic hit, I said publicly that because everyone was moving into remote working and cloud based working that we'd see a big spike in breaches," he told The Yorkshire Post.

Sign up to our Business newsletter

Sign up to our Business newsletter

"Throughout the second quarter last year, that whole area just went really quiet. I thought this seems to be completely wrong. People were doing the things that cause breaches and yet we were not seeing them.

"Then our CTO (chief technology officer), Ian Castle, corrected me and said: 'Ian, you're forgetting one crucial factor. Most people don't have a way of detecting breaches so they have seen them, but nobody realises it.'

"Then sure enough, in the second half of the year, we got really busy with incidents. So, people working from home, sometimes the technology they're using was set up by the IT department in a way that causes breaches. Sometimes people are more likely to fall for a scam because they're isolated at home and they've not got somebody next to them in the office to say: 'Oh have you seen this? Should I click on this?'

"So generally, remote working, cloud based working, tends to lead to breaches."

Bradford-based ECSC said that in addition to the dangers of homeworking for cyber security, heavy fines are persuading firms to take it more seriously.

"When I started more than 20 years ago, the fine for a data protection breach was £50," said Mr Mann.

"Now we've got Marriott Hotels being fined £18.4m.

"There are a number of factors. You've got the breaches that lead to a big fine. You've also got breaches that can cripple a company and sometimes it can cause them to very nearly go bust because of the disruptions to their systems, particularly with ransomware.

"Then you've got other incidents that are so embarrassing to the company that the CEO has to resign. The CEO of TalkTalk resigned when they had a major breach."

He was speaking as ECSC reported a strong recovery in 2020 trading despite the challenges of the coronavirus pandemic.

The firm announced earnings of £400,000 in the year to December 31, up from break even in 2019.

Organic revenue growth fell 4 per cent to £5.7m due to a short term Covid-19 impact in the second quarter of the year.

Mr Mann said: "The group responded rapidly to the challenges posed by the pandemic, drawing up a strategy early on to manage the situation effectively and ensure business continuity.

"As a result, we are delighted to report growing adjusted EBITDA profitability and cash generation for the 2020 financial year.

"Despite the impact of Covid-19 on the Assurance division in the second quarter, we began to see rapid recovery in the third quarter and a return to growth of 6 per cent in the fourth quarter... as well as an addition of 90 new clients to the division, which is testament to both our business resilience and market demand."

ECSC's Managed Detection and Response division reported recurring revenue growth of 22 per cent to £2.42m and the division's overall revenue rose 6 per cent to £2.73m.

Mr Mann said: "The strong momentum of the fourth quarter has continued into the first quarter of 2021, with a number of impressive contract wins in our Managed Detection and Response division.

"We are resuming our organic growth strategy and related recruitment activities, and we look forward to keeping the market updated on our progress."

Over the course of 2020, ECSC won 90 new Assurance clients.

Since the start of 2021, the firm has announced major contract wins in its Managed Detection and Response division for one of the UK's major charities and a national leisure group.

Going forward, ECSC said it will be taking a flexible approach to homeworking.

Lucy Sharp, ECSC's chief operating officer, said:"Before the pandemic, 50 per cent of staff worked from home.

"There are obviously key departments that have to work together at our Bradford and Leeds offices and that will continue as they need to be together.

"I think we'll be more flexible in terms of homeworking."

Founded in 2000, ECSC is the UK's longest running full service cyber security service provider. It has an extensive range of in-house developed proprietary technologies, including advanced Artificial Intelligence (AI) systems and provides expert security breach prevention and advisory support to organisations across all sectors.

ECSC operates from two Security Operations Centres (SOCs): one in Yorkshire and the other in Brisbane, Australia.

The firm offers flexible 24/7/365 cyber security monitoring, detection, and response support to its clients, either as a fully managed service or to enhance an organisation's existing cyber security systems.

The company's broad client base ranges from e-commerce start-ups to global blue chip organisations, including 10 per cent of the FTSE 100.