October is Cybersecurity Awareness Month. Since 2004, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) have joined together every October.
The goal is to raise awareness regarding the growing threat of cyberattacks for both individuals and businesses — while providing educational resources on ways to prevent potential breaches and instill proper security behaviors.
The theme for this year is #BeCyberSmart, and organizations are encouraged to use this hashtag to contribute to the conversation online through social media and other platforms. As a leader in the cybersecurity community, and a cybersecurity month champion, it is our job to help get the conversation started. So let’s start by asking…. how serious does your organization take digital security in 2021?
Cybercrime: An Ever-Growing threat
While the danger presented by cybercriminals and malware is nothing new, the threat gets more substantial every day. It is estimated that 2,200 cyberattacks happen each and every day. That’s an average of one every 39 seconds! And cybercriminals aren’t showing any signs of slowing down; in fact, both the frequency of crimes committed and the scope of damage done by these attacks are increasing year over year.
Ransomware attacks, especially, have been increasing in frequency as cybercriminals look to extort financial gain from businesses. Between 2019 and 2020, ransomware attacks rose by 62 percent worldwide, and by 158 percent in North America alone. Recent ransomware attacks caused catastrophic damage to large companies, including attacks on JBS Meat Packaging, The Colonial Pipeline, and the UVM Medical Center.
All businesses, from large international corporations to small mom-and-pop shops, need to treat every month as if it were cybersecurity awareness month. The best approach to keeping your organization secure is to take proactive measures to prevent these attacks from happening in the first place — rather than suffering the consequences of a wait-and-see approach to digital security.
A cybersecurity awareness month mindset
The conversation about cybercrime shouldn’t stop once October ends because attacks will remain a threat all year round. In 2020, over 64 percent of companies across the globe report having been the victim of some sort of cyberattack — and 94 percent of all malware enters the affected network through email.
With stats like these, it is easy to understand why companies of all sizes must remain vigilant and aggressive about their cybersecurity measures. Those that commit cybercrimes are creative and sophisticated. Cybercriminals are always looking for a new way to breach a system, and no single security measure or practice will provide endless protection. A constant assessment, testing, and implementation of a business’s security strategy and parameters are non-negotiable.
If you think that your small business is safe because it isn’t on the cybercriminals’ radar, think again. Cybercrime costs small businesses an average of $2.2 million a year. In 2020, the incidence of cybercrime on small businesses increased by 424%, with 43% of all reported breaches happening to small companies.
The Three-Pronged approach
In order to best position your business’s security posture against complex cyberattacks, a three-pronged approach to prevention is recommended.
1. Avoid human error
The single most effective protection against cyberattacks is a well-trained staff. The sad truth is that most breaches are attributable, at least in part, to human error.
It is vital that every member of your staff is well-versed in the warning signs of malware, phishing scams, or other intrusion methods. Training sessions should be conducted monthly, or at least quarterly, to update staff members on the newest techniques and trends used by cybercriminals and how to spot them.
It is also important that your entire staff be made aware of and trained to use any updates to any of the software they use.
2. Update security continuously
Your security software and protocols need to be updated as often as necessary, not only at regularly scheduled intervals. Cybercriminals are continuously scanning for weaknesses in your network, so you must do the same. When vulnerabilities are discovered or worse yet, when a breach happens, action must be taken immediately to rectify the problem.
3. Have a cybersecurity team
Large corporations have the budget to hire an entire in-house team of skilled cybersecurity professionals that prevent and repair any damage caused by attacks.
For most small to midsize companies, this is not something their budget may allow for. However, their need for a skilled cybersecurity team is still unquestioned. The best solution for these types of businesses may be outsourcing their cybersecurity needs. By doing so, your business gets the advantages of a knowledgeable and experienced cybersecurity team without breaking the bank.
If you’re asking yourself whether your company can afford to hire a cybersecurity firm, you are asking the wrong question. The question you should be asking is whether you can afford not to. Cyberattacks commonly cause irreparable damage to businesses’ revenue and reputation, sometimes leading to company uncertainty or even closure.
2021 has already seen countless cyberattacks
If you have any doubt as to the ongoing severity and frequency cyberattacks, just look at some of this year’s headlines. These breaches have cost billions of dollars, negatively affected millions of individuals, and brought large multinational corporations under the microscope for poor cybersecurity hygiene.
Here are just a few of the companies that have been exploited by cybercriminals this year:
In May of this year, hackers breached Colonial Pipeline’s network, infected it with an attack vector, and shut down their IT systems. After the attack, Colonial called in a third-party firm that specializes in preventing cyberattacks to assist them, but by that time the damage was done. In addition to cutting down the East Coast’s fuel supply by nearly half, the attackers also made off with 100GB of corporate data.
In June, JBS Meat Packaging was hit with a cyberattack that forced them to halt all slaughtering and processing of meat. JBS, a major supplier of beef for the United States, is an essential component in the food supply chain. This freeze in network integrity put significant pressure on JBS to figure out how to keep up with orders and ensure meat made it to stores.
Ultimately, JBS chose to pay the $11 million ransom to get their processing plants up and running again after only one day. This avoided most of the problems for consumers, but the company lost not only the ransom money but considerable damage to its reputation. Again, an independent cybersecurity team was brought in to help with the clean-up and network restoration.
SolarWinds is a software development firm based in Texas. Their network solutions are used by numerous businesses across industries — both public and private. SolarWinds internal network was breached sometime in early 2020, and the infection went undetected for several months. During this time, the hackers had access to sensitive data from all of SolarWinds clients, including Microsoft, FireEye, and government agencies like the Treasury Department and the Department of Homeland Security. It is believed that over 18,000 companies, agencies, and organizations were affected worldwide by this breach.
In January of 2021, several “bugs,” or potential weaknesses in the Microsoft Exchange server system were detected. It wasn’t until March that the company released patches to correct these vulnerabilities. During the time in between, hackers were making use of the bugs to compromise the networks of countless Microsoft Exchange clients. This included government agencies, large corporations, and small businesses.
Cybersecurity awareness starts now
If you’re looking for more guidance on how to move your cybersecurity program forward, CDG can help. We are shifting the cybersecurity consulting paradigm to address the needs of mid-market, cloud-native or cloud-reliant companies who are experiencing rapid growth.
Founded in 2016 by global security expert Lou Rabon, our nimble team draws on decades of experience and diverse technical expertise to deliver a full spectrum of information security advisory and implementation services on a fixed-cost basis. Our right-sized, results-driven approach will help you meet your immediate needs, but also ready you to navigate what’s ahead. Get in touch, and see what results are possible for your organization.