Learn the extent of recent major breaches, and the precautions to take to protect your organization’s data.
Breaches in the US have increased to an alarming rate over the last 3-6 months. For example, fresh research indicates that during the initial months of 2023, there was a 40% increase in phishing and smishing (text-based phishing) attacks in comparison to the corresponding period in the previous year. There are several things contributing to this alarming rise in cybercrime.
The rise and ease of access to AI tools in the public domain is leading to more effective and numerous ransomware and phishing attacks. The security company Barracuda recently reported a significant increase in ransomware attacks, noting that they have doubled from August 2022 to July 2023. This surge in attacks has been primarily attributed to two factors: the exploitation of networks through sophisticated AI-generated phishing campaigns and the utilization of AI to automate attacks, thereby extending their impact and reach.
Fleming Shi, CTO at Barracuda, commented that, “Recent advances in generative AI will only help ransomware gangs increase the rate of attack with more effective cyber weapons.
That’s why it’s essential for organizations to have tools in place to detect and prevent attacks, but also to be resilient and prepared to recover from an attack.”
The Painful Costs of Cybersecurity Breaches
Accenture’s Cybercrime study shows that only 14% of SMB's are prepared for cyber security attacks. Verizon’s 2021 SMB Data Breach Statistics reveal that SMBs spend between $826 and $653,587 on average, on cybersecurity breaches. And it is increasing steadily with each year, expecting to reach the trillions by 20235.
SMB owners should implement the following security measures:
Implementing MFA, & strong passwords
Conducting regular vulnerability scans
Use strong anti-malware programs and maintain firewalls.
Secure code and regular review of code
Long-Term Impacts of a Cybersecurity Breach:
Cyber incidents bring a cascade of costs that hit companies where it hurts. The global average data breach cost reached $4.35 million in 2022, doubling in the US to $9.44 million. Think ransom payments, lost revenue, downtime, legal fees – the whole package. Post-breach audit fees spike by 13.5%. The healthcare sector alone lost over $7.8 billion in 2021 from ransomware.
It's not just about losing money up front, cyber risks ding your organization's credit ratings. Weak security means higher borrowing costs and financial risks.
How to Prevent Cybersecurity Breaches
Whether your organization is Fortune 100 or just 100 employees, the potential for devastation is ever present and mounting. Here are some things you should do immediately to remediate your cyber security risks:
1. Identity and Access Management:
English multi-factor authentication so users must prove their identity when accessing information from a new place or device. Encourage users to also use strong passwords and not share them or use them across multiple applications.
2. Add an Overarching Cybersecurity Champion or Partner
Implement Cybersecurity in every aspect of your company by selecting a cybersecurity champion in your leadership or board. Ensure that every area of your company from finance to shipping to 3rd party vendors is being viewed through a cybersecurity lens with new projects and implementations and as you review integrated legacy systems.
3. Build Cybersecurity into Long Term Planning
In the realm of cybersecurity, another crucial step for executives is to embrace a long-term strategy, ditching the reactive, short-term approach. Even if it means diverting resources from immediate revenue generation, investing in cyber risk management now will save your business from losing thousands down the road. Implementing a zero-trust approach to not just Identity and Access Management, but also around your devices, shared content and partner access.
4. Train People and Implement Technical Controls
You most likely have access to tools in your current environment that can prevent or mitigate most threats to your organization. Regular training from a security specialist (internal or external) should be conducted so secure protocols and systems are in place, and users should be aware of how to detect threats themselves.
5. Regular Security Assessments:
Conduct security assessments on a regular basis, preferably at least twice a year, to verify that your security posture is not compromised. This is because attacks are constantly getting more complex, and what was safe months ago is now vulnerable. Semi-annual security assessments also help identify configurations and remediations that you have implemented previously that no longer match the policies or company goals for cybersecurity.
Boost Your Organizations Security
To tackle cyber security challenges head-on, it's imperative for companies to appoint a cybersecurity advocate at the management level and find a trusted partner to support this resource and effort. To ensure your organization is safe from breach, speak with a security specialist today.
Article by: Modern Work and Security Senior Architect, Jamye Few
To learn more about Jamye, and our other team members, click here.
