Cybersecurity For the Real World: Break it down for me
You’d think by now that every organization would have its cybersecurity locked in. After all, it’s 2022. Every business is a digital business whether it is running a website, hosting documents in the cloud, or leveraging team management tools with its remote workforce.
Unfortunately, having sound cybersecurity protocols and safety measures isn’t as simple as it sounds. Most companies still operate under the misguided notion that having an IT department or a firewall is the same thing as having cybersecurity. Attackers are targeting businesses, especially small and medium-sized businesses (SMBs), and succeeding because these businesses are often the least protected and most valuable to the U.S. economy.
Cyber Attacks Are Big Money
Cyber attacks are not cheap. IBM reported the average cost of a data breach for an SMB can reach up to $2.98 million. Ouch!
For a company with fewer than 500 employees, one breach could put it out of business. Sai Huda, Founder and CEO of CyberCatch, notes that SMBs are often easy targets for hackers who want to make money or use that SMB to infiltrate larger organizations. The company launched a study that scanned 21,850 SMBs spread across North America and found three distinct vulnerabilities – spoofing, clickjacking, and sniffing.
Cybersecurity threats are so pervasive that foreign government agencies have used them for years to conduct corporate espionage, manipulate elections, and cripple critical infrastructure. In 2016, a small dam in Rye Brook, New York was hacked by a foreign government through a cellular modem. Interestingly, the criminals had gained access in 2013, long before the breach was discovered. That’s three years of undercover spying and intelligence gathering before anyone realized what was happening.
More recently, the Colonial Pipeline was a victim of a ransomware attack that affected customers and airlines across the East Coast, illustrating that companies of all sizes still have a long way to go in mitigating risk.
Cyber Risk is Everywhere. Now what?
Cyberattacks are not going away, just as technology isn’t slowing down. While two-factor authentication, encryption, and telling a real email from a phishing email are still critical, they are not enough to prevent criminals from infecting devices through back-door channels.
Organizations of all sizes must first treat cybersecurity as a critical part of their infrastructure from the very beginning. This means having security policies in place and constantly testing, assessing, and implementing controls so vulnerabilities are detected well in advance. Many times, companies treat cybersecurity as an afterthought, waiting years to do something about it, if at all.
CyberCatch’s Small and Medium-Sized Business Vulnerabilities Report uncovered ten SMB segments with significant vulnerability risks in 2021. They include medical practices, accounting and legal firms, defense contractors, manufacturers, higher education, and transportation, among others. Consider the damage to any one of these industries if a criminal gang penetrated a company’s database for patient records, sensitive government materials, and private financial and banking information. The collateral damage could completely shut down the SMB in question, leading to expensive lawsuits and wiping out important records.
Employees need better education on how to spot suspicious activity so they don’t become the ‘Trojan Horse’ at their respective company. Most cybersecurity awareness training today misses the mark. To do it successfully, treat training like a virtual reality game where employees find themselves in a real-world scenario and are consistently tested and scored on how secure they really are.
Finally, all companies, including SMBs, must deploy a comprehensive security solution beyond what firewalls and IT departments can provide. Cyber hackers are like ninjas that can quietly detect a weakness in an organization, move through backdoor channels, and slip in malware years before it’s ever discovered.
From there, companies can test, assess, and fix security holes on an ongoing basis. Cybersecurity is not a “set it and forget it” solution for the digital age. It’s an ongoing, active process that requires everyone to participate, from employee to customer to partner. While cyber hacks and ransomware are a part of the modern era, breaches are preventable.