2020 has become the year of cybercrime. Cybersecurity service providers are seeing record numbers of attacks and breaches.
In 2020, cybercrime continues to impact small businesses particularly hard. According to the Ponemon Institute, the cost of a data breach for smaller organizations (between 500 and 1,000 employees) averaged $2.65 million in 2019. That equates to $3,533 per employee, more than 17x the per-employee cost for larger organizations.
The Coronavirus pandemic has also created favorable conditions for cybercriminals. Many Americans continue to work and study remotely, and wireless networks and mobile devices are particularly attractive targets for hackers. As organizations rush to deploy cloud-based applications and remote access infrastructure, some are failing to implement the comprehensive security measures needed to protect users and sensitive data.
For many small businesses, it’s a question of when, not if, a data breach will occur. Ponemon found that the chance of experiencing a data breach within two years was 29.6% in 2019, one-third more likely than in 2014. Business leaders must understand the impact of cybersecurity threats, the most common attacks, and how they occur. Most importantly, they need to know what steps to take to protect their critical data assets.
What is a Cybersecurity Threat, and Why Do We Need to Take Them Seriously?
A cybersecurity threat is typically an attack that targets a computing device, network, or application in an attempt to steal data, disrupt operations, or control an asset. In most cases, these attacks are financially motivated — to take and sell sensitive data, or to hold data hostage if a ‘ransom’ is not paid.
Today’s cybercriminals are often well-resourced and employ sophisticated tactics. Rapidly evolving cyberattacks have created an ongoing game of ‘cat and mouse’ between hackers and security providers.
The Long-Term Impact of a Data Breach
While the costs of cyberattacks are undeniable (averaging $8.19 million per incident in the U.S., more than double the global average), their repercussions can also affect a business for years.
Operational Disruption. In the aftermath of a cyberattack, companies may need to suspend operations temporarily. Establishing additional security infrastructure and implementing new security protocols is costly, time-consuming, and almost certain to impact short-term productivity.
Customer Relationships. Once a breach becomes public, customers may fear for the security of their sensitive data and seek other suppliers. Companies may also be less successful in competing for new business, given a perceived lack of security.
Erosion of Brand Value. Negative press and poor customer reviews on social media can amplify the impact of a cyberattack. 71% of CMOs believe the biggest cost of a security incident is the loss of brand value.
Increased Insurance Premiums. While many companies now carry insurance against cyberattacks, rates may skyrocket after an attack has taken place. Deloitte reports that a policyholder can face a 200% increase in premiums for the same coverage, or even denial of future coverage.
Loss of Intellectual Property. Theft of proprietary information (patents, copyrights, or other trade secrets) due to a cyberattack can mean the loss of competitive advantage and future revenues.
The Top Cybersecurity Threats in 2020
While cybersecurity threats come in many forms and are almost too numerous to count, here are the most common (and debilitating) threats organizations are currently experiencing:
Wikipedia defines phishing as “the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication.”
According to the Verizon 2018 Data Breach Investigations Report, 93% of security incidents are the result of phishing. Phishing attacks frequently use social engineering to steal user credentials. Often an attacker will pretend to be a trusted source, tricking the victim into opening a malicious email or text message, then clicking on a link that installs malware or other damaging code.
‘Cloud phishing,’ the latest evolution of this threat, is a multi-stage attack. First, the target receives an email with a link to a document hosted on a legitimate cloud service such as OneDrive or SharePoint. The document also contains a link which, when clicked, leads to a ‘second stage’ phishing page, where unwitting victims are duped into providing their credentials.
With cloud services now in the mainstream, the dangers of phishing are significant. A compromised Office 365 email account, for example, allows hackers to read user emails, impersonate the user, and share malevolent documents or files on legitimate cloud platforms.
The good news is that employee phishing-prevention training can play a big part in limiting the success of phishing attacks. KnowBe4, a leading security provider, estimates that 37.9% of untrained end users would fail a phishing test. With ongoing training, that number drops to 14.1%.
Malware and Ransomware
Malware (short for ‘malicious software’) is computer code designed to steal data or damage devices, applications, or networks. Spyware, ransomware, and viruses are all variations of malware.
For most organizations, ransomware represents the most significant threat. A ransomware attack encrypts the victim’s files, and then the attacker demands payment (a ransom) to restore file access. Payment, usually requested in Bitcoin, can range from a few hundred dollars for an individual to more than a million dollars for large organizations.
Once the focus of smaller cybercrime operators, ransomware is now big business. Sophisticated, professional teams now target larger organizations that can provide higher payouts. Some nation-states are even involved in ransomware activities.
The public sector is particularly hard-hit by ransomware attacks. In 2019, more than 960 government entities were attacked, with a potential cost of $7.5 billion. These included:
- Over 110 state and municipal governments and agencies
- 764 healthcare providers
- 89 universities, colleges, and school districts, with operations at up to 1,233 individual schools
Phishing emails and website pop-ups are the most common entry points for ransomware attacks. Once a link is clicked, the host machine is scanned for vulnerabilities the hacker can exploit.
While backups can serve as an effective defense against ransomware attacks, they must be well-secured, as they are often targeted in the initial breach.
Remote Worker Endpoint Security
Now more than ever, mobile and remote users present attractive targets for cybercriminals. Mobile workers often use personal devices, connect to lightly-protected wireless networks, and access unauthorized cloud applications. A recent study found that 30% of all security breaches involved malware being installed on mobile devices and other endpoints.
The pandemic has created further opportunities for cybercriminals. Security monitoring firms have noted a surge of attacks against users of Microsoft’s Remote Desktop Protocol (RDP). These ‘brute-force’ attacks, numbering in the millions per week, are targeting employees working from home.
Protecting remote endpoints can be particularly challenging for many organizations, for a variety of reasons, including:
A wide range of end-user devices. The 2020 migration to ‘work from home’ has forced companies to purchase and deploy new laptops and tablets to their remote workforce. In some cases, organizations have been compelled to allow employees to use their personal devices. All these remote endpoints must be covered by a clear and concise BYOD policy and checked to ensure they have adequate, updated security installed. Many companies struggle with deploying and managing these security products.
Limited visibility into remote user activity. Many IT teams, themselves working from home, don’t have the management tools and infrastructure to monitor the increased number of remote devices now on the network.
Poor user password management. Many users reuse passwords, creating significant exposure if a single device is compromised. Remote workers often make the situation worse by using personal devices and networks with lower security standards than their corporate alternatives.
According to the 2020 Verizon Data Breach Investigations Report, 30% of data breaches involve internal actors. These insider threats include not only deliberate attacks, but also careless handling of systems and data by employees.
The most damaging insider threats usually occur when an employee unwittingly provides access to cybercriminals — either through individual negligence or poor security practices.
Unsecured Software. Unpatched software and unauthorized, employee-installed applications represent significant security threats. The proliferation of cloud applications has made the problem worse. Some of these apps sync data to the cloud with no encryption, creating opportunities for hackers to steal data or login credentials.
Unsecured Devices. Mobile devices are particularly vulnerable to physical loss and Wi-Fi hacking. Companies should limit the storage of sensitive data on mobile devices and control which corporate assets can be accessed remotely.
Malicious Insiders. There will always be the potential threat of a disgruntled employee, or those looking to profit from stolen data assets. Strict security protocols and making security part of the company culture can mitigate these threats.
How to Defend Your Business Against Cyber Threats
Cybersecurity is an ever-escalating battle between criminals and hardware manufacturers, software makers, and security providers. Organizations should maintain a comprehensive security plan and revisit it regularly. Here are five essential steps you can take to protect your critical digital assets:
Secure Your Data — Encryption and Backups
Data security is a cornerstone of any cybersecurity initiative, yet Ponemon found that only 48% of companies surveyed had an encryption plan applied consistently across the entire enterprise.
Effective data security involves two key elements — encryption and backup. All sensitive data should be encrypted, especially customer and employee information. Encryption software is ubiquitous and should be activated and kept current on all company and personal devices.
Data backup is also essential. After encryption, data should be backed up and stored separately and securely. Access to backups should be highly restricted and carefully monitored.
Endpoint Detection and Response is one of the best ways to protect digital assets and data.
All devices should be protected with a secure, unique password, and forced password changes should take place regularly. Multi-factor authentication should be used whenever possible.
‘Find My Device’ applications should be installed on all mobile devices, including cellphones. This can help authorities quickly locate and recover a stolen device.
Mobile users should employ privacy screens when working in public locations to discourage ‘over-the-shoulder’ spying.
Finally, all devices that have reached the end of their lifecycle should have their drives wiped, and computer equipment should be securely recycled.
Consider Cyber Liability Insurance
Despite taking all precautions, organizations may experience a data breach. Cyber insurance is designed to help offset costs associated with a cyberattack, including:
Investigation. An investigation is required to determine the sequence of events of the cyberattack. It can also identify how to mitigate damages and prevent a similar breach from recurring.
Business losses. A policy may cover financial damages due to business interruption, downtime, and data loss.
Lawsuits. Insurance may reimburse for legal expenses related to the loss of confidential information and associated legal settlements.
Create a ‘Security Culture’
Employees are the first line of defense against cyberattacks, and creating security awareness through communication, training, and consistent policy enforcement can help reduce the risk of a breach.
Consistent, leader-driven messaging reinforces the importance of cybersecurity, and makes clear that every employee is responsible for remaining vigilant, adhering to company security policies, and reporting suspicious behavior.
Those policies should be well-documented and highly visible. Mandatory security training for new hires pays dividends, as does refresher training for all staff.
It’s also essential to inform employees about the practical steps they can take to protect their work and personal devices. This training can outline the proper use of public networks, password maintenance, and how to recognize common cyberattacks such as phishing.
Consider a Managed Security Option
Building and maintaining a comprehensive security infrastructure is a daunting prospect, especially for small businesses. Firewalls and other security hardware require a large capital investment, and highly-skilled technical resources are difficult to find and expensive to hire. Security monitoring, an essential component of securing the enterprise, requires specialized equipment and is resource-intensive.
As an alternative, many small businesses are choosing to outsource some or all of their security requirements to a Managed Security Services Provider (MSSP). Using an MSSP offers many potential benefits, including:
Reduced costs. Leveraging an MSSP can replace high capital costs with lower, more predictable operational costs. Companies may also be able to reduce staffing costs or redirect resources to other critical IT initiatives.
Access to tools and expertise. MSSPs typically have a deep bench of highly-trained security experts, and maintain the specialized tools and processes to evaluate security infrastructure, monitor networks, and identify and remediate cyber threats.
Response times and SLAs. Many MSSPs provide 7x24x365 support and Service Level Agreements that guarantee incident response times in the event of a security incident.
Ongoing Security Updates. Effective cybersecurity requires continual hardware, software, and process updates to stay one step ahead of hackers. Corporate IT teams, especially in small businesses, are hard-pressed to keep up with these changes. MSSPs, with security as their core business, are constantly evaluating and upgrading their capabilities.
Scalability. MSSPs can quickly scale or tailor their services based on the needs of their customers. They can provide additional capacity for seasonal or project-based requirements and accommodate sudden growth due to acquisitions or expansion.
Auditing, Training, and Reporting. MSSPs can conduct security risk assessments to identify potential vulnerabilities. They can also develop and deliver security training and testing across the organization. Finally, using security monitoring, MSSPs can provide executive-level or detailed reporting of security performance, potential breaches, and any containment or remediation that has taken place.
Unless you're a business with dozens of IT-based employees, with schedules that work around the clock monitoring your network for any kind of intrusion or breach, you're going to need some help keeping your organization safe.
Working with an IT service provider through co-managed IT will save your business time and money. Your employees will be better equipped to handle the work you need to keep in-house, and your network will be better protected thanks to continuous monitoring from an external team.