Hackers from around the globe have been more active than ever over the past year. And cybersecurity experts are feeling on edge.
A recent cybersecurity report surveyed over 1,400 global chief information security officers (CISOs) in 14 countries. Most of them believe their organizations are unprepared for a cyber attack. That’s bad news considering 64 percent expect to face such an attack next year.
The Colonial Pipeline attack is the latest attention-grabbing cybersecurity headline in a growing list of troubling incidents. Let’s examine why these leaders are concerned and what you can do to protect yourself and your business.
Why Cybersecurity Experts Are Feeling Tense
Lucia Milică, the author of Proofpoint’s report, told The Hill that cyber preparedness for organizations is still a ‘major concern.’ More than half of the CISOs interviewed felt like increased remote and hybrid working made their jobs more difficult. Sixty percent said they saw increased attacks during the pandemic due to remote working.
Check out how easy it can be for a hacker to infiltrate a device:
These experts are worried about a wide range of attacks, from email security to supply chain attacks to ransomware. And Milică said that the expectations from their businesses ‘seem excessive.’
One thing is clear, key decision-makers of businesses are still not yet on the same page as their cybersecurity experts. Only 25 percent of the CISOs felt they were on the same page with company leadership regarding cyber threats and resources.
And this sad fact has been confirmed in separate reports.
In 2019, Keeper Security’s SMB Cyberthreat Study found that 66% of senior decision-makers at small businesses believed they were unlikely to be targeted by criminals.
An Inc.com report found that more than 60% of the firms didn’t have an up-to-date cybersecurity strategy or any strategy at all.
Cyber Threats Are Not Going Away
If 2020 taught us anything about online security, we’re no different than animals. When the herd migrates, so do its natural predators.
As most people migrated to an online work environment last year, hackers followed in droves.
We’ve seen a seemingly endless string of massive hacking incidents, and each one seems to top the last. The FireEye and SolarWinds attacks blew the floodgates open in late 2020. The latter attack compromised more than 100 private sector groups and nine federal agencies.
Not to be outdone, Russian and Chinese hackers infiltrated the Microsoft Exchange server a few months later, possibly leaving thousands of other businesses vulnerable to attack.
And the hackers are getting bolder. Ransomware Babuk recently breached the Metropolitan Police Department of Washington D.C. And Russian hacker group DarkSide is currently making headlines for compromising one of the largest oil pipelines in the United States.
The threat is real, growing, and can have devastating consequences.
IBM and Ponemon Institute’s 2020 Cost of Data Breach Report stated that the average data breach cost $3.86 million in 2020.
According to the National Cyber Security Alliance, 60% of companies leave business within six months after falling victim to a data breach.
Despite these alarming statistics, decision-makers at companies are still failing to adapt.
Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint, explained in a statement on Wednesday why this attitude will simply no longer work:
The ‘good enough’ approach of the past 12 months will simply not work in the long term: with businesses unlikely to ever return to pre-pandemic working practices, the mandate to strengthen cyber security defenses has never been more pressing.
What Should Businesses Be Doing to Protect Themselves?
As the CISOs in the Proofpoint report expressed, experts alone cannot stop cyber criminals. Protecting firms against hackers must be a team effort.
Some of the most basic steps businesses should take include:
- Requiring long, varied passwords for any sensitive accounts
- Enabling two-factor authentication for any sensitive accounts
- Investing in basic cybersecurity training so employees can avoid common pitfalls such as social engineering
- Installing and regularly updating anti-virus software
- Limiting employees’ access to sensitive data
- Conducting regular vulnerability tests and risk assessments
- Formulating a protection plan and reaction plan in the event of an attack
Here’s an informational guide from the FTC about ransomware and small businesses:
Each protection plan comes with a free consultation to help tailor our packages to suit your needs. If you have any questions about your small business’ cybersecurity, contact us at support@hacked.com or book a free consultation call today.
Featured image by SFIO CRACHO from Shutterstock.com