Businesses of all sizes are seeing record numbers of attacks and breaches, and cyber security service providers are scrambling to protect their clients. IT security consulting has become big business!
In 2021, cybercrime will continue to impact small businesses particularly hard. According to the Ponemon Institute, the cost of a data breach for smaller organizations (between 500 and 1,000 employees) averaged $2.65 million in 2019.
That equates to $3,533 per employee, more than 17x the per-employee cost for larger organizations.
In 2020, the COVID-19 pandemic created favorable conditions for cybercriminals. Many Americans continued to work and study remotely, and wireless networks and mobile devices were particularly attractive targets for hackers.
As organizations rushed to deploy cloud-based applications and remote access infrastructure, some failed to implement the comprehensive security measures needed to protect users and sensitive data.
For many small businesses, it’s a question of when, not if, a data breach will occur. Ponemon also found that the chance of experiencing a data breach within two years was 29.6% in 2019, one-third higher than in 2014.
Business leaders must understand the impact of cybersecurity threats, the most common attacks, and how they occur.
Most importantly, they need to know what steps to take to protect their critical data assets.
A cybersecurity threat is typically an attack that targets a computing device, network, or application in an attempt to steal data, disrupt operations, or control an asset. In most cases, these attacks are financially motivated — to take and sell sensitive data, or to hold data hostage if a ‘ransom’ is not paid.
Today’s cybercriminals are often well-resourced and employ sophisticated tactics. Rapidly evolving cyberattacks have created an ongoing game of ‘cat and mouse’ between hackers and security providers.
While the costs of cyberattacks are undeniable (averaging $8.19 million per incident in the U.S., more than double the global average), their repercussions can also affect a business for years.
1. Operational Disruption. In the aftermath of a cyberattack, companies may need to suspend operations temporarily. Establishing additional security infrastructure and implementing new security protocols is costly, time-consuming, and almost certain to impact short-term productivity.
2. Customer Relationships. Once a breach becomes public, customers may fear for the security of their sensitive data and seek other suppliers. Companies may also be less successful in competing for new business, given a perceived lack of security.
3. Erosion of Brand Value. Negative press and poor customer reviews on social media can amplify the impact of a cyberattack. 71% of CMOs believe the biggest cost of a security incident is the loss of brand value.
4. Increased Insurance Premiums. While many companies now carry insurance against cyberattacks, rates may skyrocket after an attack has taken place. Deloitte reports that a policyholder can face a 200% increase in premiums for the same coverage, or even denial of future coverage.
5. Loss of Intellectual Property. Theft of proprietary information (patents, copyrights, or other trade secrets) due to a cyberattack can mean the loss of competitive advantage and future revenues.
While cybersecurity threats come in many forms and are almost too numerous to count, here are the most common (and debilitating) threats organizations are currently experiencing:
Wikipedia defines phishing as “the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication.”
According to the Verizon 2018 Data Breach Investigations Report, 93% of security incidents are the result of phishing. Phishing attacks frequently use social engineering to steal user credentials. Often an attacker will pretend to be a trusted source, tricking the victim into opening a malicious email or text message, then clicking on a link that installs malware or other damaging code.
‘Cloud phishing,’ the latest evolution of this threat, is a multi-stage attack. First, the target receives an email with a link to a document hosted on a legitimate cloud service such as OneDrive or SharePoint. The document also contains a link which, when clicked, leads to a ‘second stage’ phishing page, where unwitting victims are duped into providing their credentials.
With cloud services now in the mainstream, the dangers of phishing are significant. A compromised Office 365 email account, for example, allows hackers to read user emails, impersonate the user, and share malevolent documents or files on legitimate cloud platforms.
The good news is that employee phishing-prevention training can play a big part in limiting the success of phishing attacks. KnowBe4, a leading security provider, estimates that 37.9% of untrained end users would fail a phishing test. With ongoing training, that number drops to 14.1%.
Malware (short for ‘malicious software’) is computer code designed to steal data or damage devices, applications, or networks. Spyware, ransomware, and viruses are all variations of malware.
For most organizations, ransomware represents the most significant threat.
A ransomware attack encrypts the victim’s files, and then the attacker demands payment (a ransom) to restore file access. Payment, usually requested in Bitcoin, can range from a few hundred dollars for an individual to more than a million dollars for large organizations.
Once the focus of smaller cybercrime operators, ransomware is now big business. Sophisticated, professional teams now target larger organizations that can provide higher payouts. Some nation-states are even involved in ransomware activities.
The public sector is particularly hard-hit by ransomware attacks. In 2019, more than 960 government entities were attacked, with a potential cost of $7.5 billion.
These included:
Phishing emails and website pop-ups are the most common entry points for ransomware attacks. Once a link is clicked, the host machine is scanned for vulnerabilities the hacker can exploit.
While backups can serve as an effective defense against ransomware attacks, they must be well-secured, as they are often targeted in the initial breach.
Now more than ever, mobile and remote users present attractive targets for cybercriminals.
Mobile workers often use personal devices, connect to lightly-protected wireless networks, and access unauthorized cloud applications. A recent study found that 30% of all security breaches involved malware being installed on mobile devices and other endpoints.
The pandemic has created further opportunities for cybercriminals. Security monitoring firms have noted a surge of attacks against users of Microsoft’s Remote Desktop Protocol (RDP). These ‘brute-force’ attacks, numbering in the millions per week, are targeting employees working from home.
Protecting remote endpoints can be particularly challenging for many organizations, for a variety of reasons, including:
According to the 2020 Verizon Data Breach Investigations Report, 30% of data breaches involve internal actors. These insider threats include not only deliberate attacks, but also careless handling of systems and data by employees.
The most damaging insider threats usually occur when an employee unwittingly provides access to cybercriminals — either through individual negligence or poor security practices. These include:
Cybersecurity is an ever-escalating battle between criminals and hardware manufacturers, software makers, and security providers. Organizations should maintain a comprehensive security plan and revisit it regularly.
Here are five essential steps you can take to protect your critical digital assets:
Data security is a cornerstone of any cybersecurity initiative, yet Ponemon found that only 48% of companies surveyed had an encryption plan applied consistently across the entire enterprise.
Effective data security involves two key elements — encryption and backup. All sensitive data should be encrypted, especially customer and employee information. Encryption software is ubiquitous and should be activated and kept current on all company and personal devices.
Data backup is also essential. After encryption, data should be backed up and stored separately and securely. Access to backups should be highly restricted and carefully monitored.
Endpoint Detection and Response is one of the best ways to protect digital assets and data.
All devices should be protected with a secure, unique password, and forced password changes should take place regularly. Multi-factor authentication should be used whenever possible.
‘Find My Device’ applications should be installed on all mobile devices, including cellphones. This can help authorities quickly locate and recover a stolen device.
Mobile users should employ privacy screens when working in public locations to discourage ‘over-the-shoulder’ spying.
Finally, all devices that have reached the end of their lifecycle should have their drives wiped, and computer equipment should be securely recycled.
Despite taking all precautions, organizations may experience a data breach. Cyber insurance is designed to help offset costs associated with a cyberattack, including:
Investigation. An investigation is required to determine the sequence of events of the cyberattack. It can also identify how to mitigate damages and prevent a similar breach from recurring.
Business losses. A policy may cover financial damages due to business interruption, downtime, and data loss.
Lawsuits. Insurance may reimburse for legal expenses related to the loss of confidential information and associated legal settlements.
Employees are the first line of defense against cyberattacks, and creating security awareness through communication, training, and consistent policy enforcement can help reduce the risk of a breach.
Consistent, leader-driven messaging reinforces the importance of cybersecurity, and makes clear that every employee is responsible for remaining vigilant, adhering to company security policies, and reporting suspicious behavior.
Those policies should be well-documented and highly visible. Mandatory security training for new hires pays dividends, as does refresher training for all staff.
It’s also essential to inform employees about the practical steps they can take to protect their work and personal devices. This training can outline the proper use of public networks, password maintenance, and how to recognize common cyberattacks such as phishing.
Building and maintaining a comprehensive security infrastructure is a daunting prospect, especially for small businesses. Firewalls and other security hardware require a large capital investment, and highly-skilled technical resources are difficult to find and expensive to hire.
Security monitoring, an essential component of securing the enterprise, requires specialized equipment and is resource-intensive.
As an alternative, many small businesses are choosing to outsource some or all of their security requirements to a Managed Security Services Provider (MSSP).
Using an MSSP offers many potential benefits, including:
Unless you're a business with dozens of IT experts, with schedules that work around the clock monitoring your network for any kind of intrusion or breach, you're going to need some help keeping your organization safe.
Working with an IT service provider can save your business time and money. Your employees will be better equipped to handle the work you need to keep in-house, and your network will be better protected thanks to continuous monitoring from an external team.
If you're interested in learning more about cyber security services from Ntiva, click the link below to schedule some time to talk to one of our solutions specialists.