Cyber attacks have become a bigger threat to businesses with no signs of slowing down. Without exaggerating, these attacks are happening daily in many forms, from data breaches to ransomware attacks, crypto-jacking, and beyond.
How Big Has the Cybersecurity Threat Become?
It is no coincidence that US CEOs view cyber-threats as their number one concern when considering external threats to their business, ahead of competitors, disruption, or other market forces. When looking at the cost of ransomware attacks alone, the economic impact is staggering. From 2016 to 2017 the estimated cost of ransomware attacks quintupled from $1 billion to $5 billion (yes, that is with a “b”). Even though that seems to be a large number, the reality is that this figure is only an estimate and could actually be much higher, as it is unclear at what rate businesses report ransomware attacks.
We’ve Seen the Enemy and the Enemy is Us
While awareness of the threats and consequences is high, that recognition is not turning into preventative action. Insider threats account for 43% of all data breaches. Additionally, according to a study by Cisco, cyber liability insurance is missing from the portfolios of 68% of US businesses. So, if businesses understand the threat, why not address it? This inaction may fall into two categories of thought:
- Businesses may not feel they are comparable to victim businesses announced in the news.
- Businesses believe a one-time training program has decreased the number of attacks, so they are heading in the right direction.
A Growing Risk to Smaller Businesses
As cyber-attacks increase in volume, headline-grabbing breaches like Home Depot and Target cloud the threat to midmarket and smaller companies. Over 53% of midmarket companies have experienced a breach, and according to the trend, attacks will continue to grow. In 2016, a business fell victim to a ransomware attack every 40 seconds. Cybersecurity Ventures predicts that figure will escalate to every 14 seconds by 2019, and every 11 seconds by 2021. It is easy to see how this can happen when you consider there are over 578,702,687 known malware samples in existence, with four to five new malware samples launched every second.
Training Can Help, but Changing Behavior Lags the Threat
As noted above, training does help cut down on the number of potential breaches, but it needs to be robust and ongoing (i.e., more along the lines of monthly than annually). Even though businesses are starting to offer more training, a recent study by the Ponemon Institute indicates that 69% of employees admit to sharing passwords with their peers. This behavior poses a direct threat to companies and should be addressed by educating employees more often on cybersecurity “do’s and don’ts.”
The Cost of Inaction
While companies face the reality of cybersecurity threats, concerns about the cost of cyber protection impacting their bottom lines overlook the much larger potential cost of a data breach. The average loss from a breach in 2017 was $1.3 million, and the problem shows no sign of slowing down. The damages from all cyberattacks are estimated to be $6 trillion by 2021.
While the scope and scale of cyber-threats are staggering, there is hope. Once upon a time, having good antivirus software and a firewall in place was ‘good enough’ protection. In today’s reality, there is much more that can be done, including but not limited to the following areas:
- Comprehensive cyber liability protection
A Cybersecurity Education Platform
- Real-time alerts and notifications for the IT Team
- Regular metrics reporting and recommendations for improvement for senior management
- Clearly communicated support for staff in the event of a suspected breach
- Dedicated cybersecurity leadership, roles and assigned responsibilities to make sure “other duties” do not get in the way of successful program implementation
- Technology & data use policies
- Incident response plan
- Training and testing programs
Proactive Defensive Tactics
- Cybersecurity scanning to look for vulnerabilities
- Stolen password scanning
- Managed phishing simulations
- Company-wide threat alert detection
- Cybersecurity awareness messaging in the workplace (posters, placards, etc.)
- Website scanning
All of these tactics can help reduce the risk of exposure from a cyber attack. What’s most important is prioritizing cybersecurity now! Being proactive and persistent can make all the difference in the world.