In the era of COVID-19, cyber risks continue to grow. As companies scrambled to enable telecommuting overnight, the cyberattack surface quickly expanded as employees were granted remote access to data and applications. Add to this a string of high-profile breaches, and cybersecurity is at the top of most corporate boardroom priority lists.
Due to the nature of cybercrime, cybercriminals are rarely caught. Organizations often have to deal with the aftermath when they or their customers are affected by a data breach or attack. Ultimately, even if insurance was in place, companies would be held liable for negligence and legally liable if an attack caused financial or other damage due to inadequate cyber resilience planning. The recent Emotet attack is one of the few examples of criminals being discovered and law enforcement taking action. But given the scale of global cybercrime, this is very small.
The changing nature of attacks
As we shift to online-centric lifestyles due to COVID-19, cybercriminals are working overtime to prey on individuals and businesses. And now, with over 70% of cyberattacks targeting small businesses, no one is safe.
Hackers are increasingly targeting small businesses. For them, this is easy money.
The smaller the company, the less likely it is to have adequate cyber defenses in place. Even large SMBs typically don’t have the budget or resources for a dedicated security team or cutting-edge threat prevention and protection. Ransomware, for example, is one of the biggest threats facing businesses today. While the number of ransomware attacks has declined over the past year, that’s because ransomware has become more targeted, better implemented, and more ruthless, with criminals specifically targeting higher-value and weaker targets.
One of the most intriguing and worrying findings in the Hidden Costs of Malware report is that companies may pay more to get their data back, and are prime targets for doing so. In our survey, about a quarter of businesses were asked to pay between $11,000 and $50,000, and nearly 35% were asked to pay $51,000 to $100,000.
In fact, ransomware has become so lucrative and popular that it is now available as a “starter kit” on the dark web. This means that even novice cybercriminals can create automated campaigns that target businesses of all sizes.
These individuals work in tandem with ransomware cartels and are increasingly purposeful in targeting victims to maximize profits. The groups carrying out these attacks typically reconnoiter their targets to determine exactly how to penetrate them and which systems to encrypt in order to cause maximum chaos.
Every Business Must Have Cyber Resilience
For small businesses, cybersecurity initiatives can be a costly proposition. However, it is important to lay the foundation. Organizations should focus on cyber hygiene, patching, user access control, two-factor authentication, firewalls, and security training. An integral part of any organization’s defense is employee training, which should form the basis of your security strategy. It starts with IT administrators keeping the entire organization informed about the threat landscape.
Security awareness training should be provided to employees from day one to ensure that they are vigilant about the types of emails they receive. This should be backed up with cybersecurity technologies such as email filtering, virus protection, and sensible password policies.
Prepare for the worst
To maintain cyber resilience, every organization should have an incident response plan to ensure they are prepared for worst-case scenarios. This includes creating response teams accountable for proactively stopping attacks and mitigating risks before reporting incidents and initiating necessary remediation.
A comprehensive incident response plan should identify priority data and resources for recovery. IT and security teams also need to remember that they can’t “get everything up and running all at once.” Backup and restore processes should also be tested regularly to simulate real-world events.
After all, anyone who thinks their business or their managed service provider (MSP) is not vulnerable to cyberattacks is naive. Ransomware gangs and state actors are now targeting all kinds of businesses. Therefore, it is critical that all businesses remain vigilant and implement security and backup policies to protect employees and assets wherever they are.