No Business is Immune: Big & Small Alike Must Consider Cyber Security Threats
Right now, cyber security risks are higher than they’ve ever been, and lower than they ever will be. The quantity of cyber threats continues to rise, along with the cost and consequences of breaches. To be forewarned is to be forearmed, so we’re diving into the threat landscape faced by organizations of all sizes.
Shedding light on issues requires looking – and knowing where to look. You don’t know what you don’t know. Some concerns, such as worries about phishing attacks, or the need to onboard new users, might be above the surface of the water for you. But the remaining iceberg lurking below might be exponentially bigger. Or perhaps you’ve already plumbed the depths and very little remains unknown.
In either case, what you don’t know can absolutely hurt your organization. That’s why Wursta offers cyber security assessments to inform you of any shortcomings and provide a roadmap to your ideal security posture.
Threats to the Modern Workplace
Organizations currently face a difficult cyber security landscape in which:
- Consequences are higher
- Ransomware demands increased 518% while payments climbed by 82% in the first half of 2021 compared to 2020
- Average cost of a data breach increased 2.6%, reached an all-time high of $4.35 million in 2022
- Likelihood has increased
- 40% of businesses were attacked within 12 months
- Fund transfer fraud (FTF) losses increased 69% from 2020-2021
- Impacts are big
- 60% of small businesses fold within 6 months of a cyberattack
- Global cybercrime costs are expected to grow by 15% per year, reaching $10.5 trillion annually by 2025
Too Big to Be Attacked?
Just last month, one of the largest, most well-respected tech companies on Earth discovered major security vulnerabilities that could allow hackers complete control of a user’s device. The company cited an anonymous researcher for the discovery and released patches to combat the bugs.
Many large enterprises have been victims of data breaches, including Target and Equifax, with 13,000 employees and $4.9B annual revenue.
Too Small to Be Attacked?
SMBs may believe their small size provides a level of protection from cyberattack. My son expressed a similar sentiment when Baltimore County Public Schools was the victim of a ransomware attack which shut down remote learning in November 2020.
“Why would they attack our school? Wouldn’t they want to attack a bank?”
Well, sure, the bank has more money if you can successfully steal it, but they also have more robust cyber security. Schools are an easier target, and they can also be successfully extorted for ransom. Athens Independent School District paid ransom of $50,000 to recover its data. (Baltimore County didn’t reveal if they paid any ransom.)
Additionally, small businesses are being hit more frequently, although it’s often not publicized since many SMBs aren’t subject to the same reporting regulations as larger enterprises. Another common misconception is that an SMB’s data isn’t important to hackers. Well, we presume you want your data, and therefore, you’ll pay to get it back if it’s stolen. Again, ransomware attacks on public school systems are a relevant example.
Ransomware Attacks are Lucrative
The percentage of firms paying ransom has increased, making these attacks increasingly lucrative. According to CyberEdge Group’s seventh annual Cyberthreat Defense Report (CDR), “In 2018, only 39% of ransomware victims actually paid the ransom. In 2019, that number rose to 45%. Today [2020], an alarming 58% of victimized organizations have paid ransoms.” The numbers continue to rise. According to a 2022 report from security company Claroty, 80% of critical infrastructure organizations experienced a ransomware attack in the last year, of which over 60% paid the ransom.
Cyber Insurance ≠ Get out of [Ransomware] Jail Free Card
Cyber insurance has been viewed as a ‘get out of [ransomware] jail free’ card, but that’s not the intention. With insurance companies making frequent payouts, we expect to see increasingly strict requirements prior to granting coverage. Failure to implement and maintain basic cyber security best practices is considered negligence. And breaches resulting from negligence are generally not covered.
The Good News – Cyber security is a Wise Investment
So, let’s move on to the good news.
It makes economic sense to invest upfront in cyber security to protect your organization. Securing your environment to defend against common threats is the right move forward. Services such as a cyber security assessment may increase your costs up front, but these investments will mitigate risks and lower the cost of consequences you could otherwise face. For example, Wursta recommends KnowBe4 to educate your employees and gauge their awareness and ability to spot phishing. KnowBe4 allows you to conduct simulated phishing attacks. If your employee fails the test, it automatically enrolls them in training.
The challenges and threats faced by modern businesses are very well addressed by Google Workspace and the Google Cloud Platform. Many cyber security best practices will reduce your risk of falling victim to multiple types of threats. Additionally, some of the strongest mitigations are easy to implement and may not even result in any additional costs, such as Google’s 2-Step Authentication.
With our comprehensive cyber security assessments, Wursta works to understand your business, goals, and risk tolerance to build the security posture that meets your needs. Contact us to see if our services would be a fit.