By October 2021, the number of publicly reported data breaches surpassed the total number of breaches that occurred in 2020. Not sure about you, but that’s a stat I didn’t expect. Given the upheaval that took place in 2020, I wouldn’t have expected 2021 to be worse in terms of cyber-attacks. But it was.
And those data breaches have caused some major issues.
Top companies are paying $25 per minute due to cyber-attacks and data breaches.
Roughly $2,900,000 is lost to cyber-crime every minute.
The average cost of a data breach is around $3.86 million.
By 2025, cyber-crime will cost the world $10.5 trillion on an annual basis.
What is going on here?
We’ve been lax in our cybersecurity defenses, and we’ve opened ourselves to attack through poor IT hygiene. Let me clarify. Our attention to cybersecurity was turned on its head in 2020 by COVID and the migration to remote work, and IT professionals were scrambling to keep up. Unfortunately, 2020 turned into 2021, and the chaos continued. As businesses and as individuals, we were all just trying to keep up, stay motivated and keep things moving along as we thought we should. But the cyber-criminals out there weren’t in the same situation. They were in a “kid in a candy store” type of situation, and they enjoyed themselves, at our expense.
And the truth is that they do not plan to stop. Quite the opposite, they plan to intensify things.
There is a prediction that there will be a new cyber-attack every two seconds.
What?!? Yep, the increase in more sophisticated ransomware attacks is creating the perfect storm for these appalling numbers.
And, just for good measure, let’s throw in one more stat.
The average ransomware payment jumped 82% in the first half of 2021, compared to the same time frame in 2020.
And we all thought 2020 was the year we all wanted to forget! 2021 will go down in history as a bad year for cybersecurity. Will 2022 be the same?
Get It Together for 2022
We need to get back to basics when it comes to info security and cybersecurity, and we need to do it quickly. And it needs to start with ALL of your employees. Yes, all of them. Organizations need to embrace a cybersecurity mindset. Employees need to be trained on cybersecurity hygiene, and they need to understand what to look for, like fake websites, phishing emails and socially engineered attacks.
Google registered 2,145,013 phishing sites as of Jan 17, 2021.
Phishing attacks account for more than 80% of reported security incidents.
1 in 5 Americans have been a victim of a ransomware attack.
It’s Time To Bring Back (Or Start) Cybersecurity Training
Don’t hide from the stats that we’ve just listed; understand them, and share them with your employees. Talk about the stats, and what a breach could mean to the company, and to them personally. For example, if the business falls victim to an attack, all company data could be in jeopardy.
That includes things like employees’ Social Security numbers, health insurance information, and their children’s Social Security numbers. Pretty sure your employees don’t want that information in the hands of the wrong people (a.k.a. hackers). Help employees understand that cybersecurity isn’t just about protecting the business, it’s about protecting them as well.
Implement Basic Cyber Hygiene Across The Company
- Understand and document the hardware, software, and applications that you are utilizing. If there are tools you are no longer using, wipe them or remove them properly.
- Remove or uninstall any software or applications you are not regularly using.
- Update and install necessary patches.
- Ensure passwords or passphrases are strong, and unique.
- Review antivirus and malware software that is installed to ensure it is up-to-date and functioning properly.
- Incorporate multi-factor authentication, and/or ensure employees are using it.
- Employ device encryption and/or ensure employees are using it.
- Back up data via an offline hard drive or to a secure cloud environment.
- Regularly review who has been granted admin privileges and remove those privileges from anyone who no longer needs them.
- Identify employees that have left the company and ensure their credentials and access have been shut down.
Train Employees On Phishing Attacks
While phishing attacks seem like old news, they aren’t. They work. And employees need constant reminders on what to look out for:
- Look for typos or content that looks suspicious.
- Read (not skim) your emails and question their validity. Hackers are leveraging social engineering and machine learning to create more realistic phishing emails.
- Do not click on a link in an email. Type the website address directly into a web browser.
- Be suspicious of attachments. If you weren’t expecting it, or it is from an unknown sender at an irregular time, do not open it.
- Be suspicious of links that are texted to you from unknown phone numbers. Avoid clicking on them (even if they indicate they are about an order you placed).
- Leave the security and web filters on your devices in place, and make sure they are up to date on your personal devices as well.
We want you to have a successful 2022, and I’m sure you do too. Set yourself up for success by understanding the current cybersecurity landscape, knowing that cyber criminals are making plans, and taking the time to deploy the right tools and most importantly, train your team. Your team is your first line of defense against cyber-attacks – give them the knowledge they need to help the business, and themselves.
If you’re in the San Francisco area and are interested in finding out more about this or other essential cybersecurity topics, please don’t hesitate to contact Intivix at (628) 867-6130, or by sending us an email at: [email protected].