Cyber attacks seem to prominently make the news headlines on a weekly, if not daily, basis across the globe. Gas providers, healthcare institutions, and yes, even small businesses are the target of malicious cyber attacks geared toward harming your business and gaining valuable data with malicious intent in mind. For a while during the global health crisis, the focus was shifted away from the cyber threats that seem to be increasing in scope and number. As we move through 2022, however, our collective attention must once again take a closer look at the current statistics around cyber attacks, the long and short-term cost of these attacks, the impact on the U.S. and global economy, and how to reduce the risks of these attacks from impacting our businesses. Today’s blog aims at doing just that - taking a closer look at the main issues surrounding the rise in cyber attacks, the impacts they are having both globally and closer to home, and how each of us can reduce our level of vulnerability at home and at the workplace.
What the Numbers Tell Us
There’s not a whole lot of good news regarding the number of cyber attacks either within the U.S. or globally.According to the World Economic Forum’s Global Risk Report, cyber attacks are expected to double in number by 2025, a short three years from now. Pair this with the fact that a mere .05% of cyber attacks are detected and fully prosecuted in the United States annually and the numbers are looking quite bleak. Accenture Security found that there’s been a triple digit increase in intrusion volume, driven by familiar trends. These trends include a year-after-year increase in cyber crimes by 125% and the fact that some industries are being targeted more than most. Nearly every industry has had to embrace new solutions and it has forced companies to adapt, quickly. The top three targeted industries are banking, industrial, and (ranking in top spot) consumer goods, which impacts all of us to some extent. Furthermore, a January 2022 report by cybersecurity and digital forensic expert Ricoh Danielson warns that an uptick of threat actors performing cyber-attacks over the next 25 years will wreak havoc with U.S. businesses including major corporations and financial institutions.
Cost of Cyber Crimes
The cost of cyber crimes is most certainly not chump change to be ignored. In fact, McAfee, an award winning antivirus and online protections, estimates that cybercrime costs the world economy more than $1 Trillion. That's roughly one percent of global GDP. Yikes! Looking for an answer to the question of ‘what could a cyber attack cost my company?’ While a specific number is hard to pin down, the Federal Bureau of Investigation estimates that the numbers could be in the millions. For instance, the average cost of a malware attack for a company is over $2.5 million. FBI Director Christopher Wray this month told The Wall Street Journal there were "a lot of parallels" between the September 11, 2001, terrorist attacks and the current state of cyberattacks in the US.Remember that the cost is not just what the ransom demand would be, but all the security protocols that were installed prior to the attack as well as measures taken post attack. These protocols all cost money and the solution to the issue is going to take IT experts, security experts, public relations experts and a whole slew of technology wizards to resolve the problem. The long-term costs of a cyber attack on your business, regardless of size, could be substantial. An IBM report for all of 2020 broke down the numbers to individual records that were breached. For personal data breaches, including phone numbers, credit cards, and social media accounts, the average attack can cost a company around $180 per record. If you have a million records breached, you can see how the cost could add up quickly. The long-term costs would include: lost data, business disruption, revenue losses from system downtime, notification costs, or even damage to a brand’s reputation. If legal issues ensue due to negligence to follow compliance regulations, the numbers will skyrocket. Regardless of the type of cyber attack every consequence, from legal fees to reputation management is costly!
Who’s Behind These Attacks?
It may be easy to say, “well, we should hold cyber attackers accountable and make them pay the cost of the attack.” Unfortunately, as we stated above, a mere drop in the bucket of cyber criminals are detected, found, and prosecuted for their crimes. Meanwhile, businesses are left rebuilding their IT world and potentially their reputation. According to Verizon’s Data Breach Investigations Report, the majority of cyber attacks are triggered by outsiders, insiders, company partners, organized crime groups, and affiliated groups.Outsiders, criminal hackers, and internal bad actors are the top groups/individuals behind these attacks. They are often highly skilled, motivated, and have a good working knowledge of where vulnerabilities exist in businesses big or small.
How To Reduce Your Risk
Every organization, regardless of size, should take steps to reduce risks, both internally and externally from potential cyber attacks. Yes, even small businesses need to consider their best practices when it comes to keeping client data safe. A large number of cyber attacks target what are perceived to be soft targets or small businesses because they are not nearly as prepared or outfitted as larger corporations. With the increasing threats of hackers accessing your data, implementing processes to prevent data security breaches becomes highly critical. Here are a few suggestions to reduce your organization's risk.
Every employee in your organization who handles data should be trained and retrained regularly regarding ongoing threats and what red flags to be on the lookout for. This should include a thorough education on how to avoid phishing scams and malware, such as not clicking unknown emails or attachments and promoting overall cybersecurity awareness.
Updated Antivirus Software
Obviously every organization should use antivirus software on every computer within the company. Unfortunately, this concept has gotten a little muddled during the pandemic when many employees worked remotely and needed to access personal devices. Don’t forget that software is only as good as its last update. Stop ignoring those notifications to upgrade your security software.
Develop a Backup and Disaster Recovery Plan
Hope for the best, but plan for the worst by fully developing and practicing your backup and disaster recovery plans. These should be reviewed regularly as threats will change and leadership should be well versed in what to do should an event occur. Talk to our team at Spectra about updating your Backup and Disaster Recovery Plan with our Backup as a Service and Disaster Recovery as a Service plans.
Improve Your Frontline Security
Passwords often are the first line of defense in a hacking incident. Be sure to train your employees (and practice what you preach) about using strong passwords. A password manager is a great way to go especially when there are multiple users, different levels of access, and changing workforce.
Data Leak Monitoring
From top to bottom, your workforce should be on the alert for data leaks and know who to report them to and what they may look like. The IT department can only do so much and are often stretched thin. Training employees on data leaks is a great way to have many sets of eyes on the potential threat.
The Bottom Line
Cyber threats are not going away any time soon. In fact, they are growing in number and intensity. Is your organization prepared for when, not if, an attack happens on your watch? Reduce your threats on as many fronts as possible including the suggestions we have given you here today. Talk to your managed service provider to see what else your company can do to avoid and deter cyber criminals in the coming months.