Every 39 seconds. That's how often a cyber attack happens. Experts warn that threats are increasing in sophistication, frequency, diversity, scale and scope. Despite all of the publicity about high profile cyber attacks, according to Symantec about 85% of small business owners believe their business is safe, even though only 25% of them have had an outside party test their systems, and nearly 40% do not have data backup in multiple locations.
Two recent posts on the Cyber Security Intelligence website address top threats in 2020 and how to prepare for them.
The top six threats:
- Leaking email:
- The most common cyber attacks are phishing scams trying to make users click on links or attachments. The attackers can then harvest credentials and personal/confidential information, or install malware
- Business email compromise:
- In 2018 it cost organizations $1.3 billion, half of all cyber crime reported to the FBI.
- AI-based videos and audios used to trick employees into making wire transfers.
- Cloud platforms:
- Hybrid and multi-clouds create more complex security exposures.
- Criminals are focused on fewer targets but demanding higher ransoms. The average incident lasted over six days, and downtime increased 47% quarter to quarter in 2019. 75% of organizations that paid ransoms had their backup encrypted.
- Supply chain problems:
- Suppliers with weak security will be exploited by hackers. More attacks on managed service providers are expected.
Five recommendations on preparation for a cyber attack:
- Annual cyber audits at different times of the year.
- Apply all updates and patches as soon as possible.
- Train employees to be aware of phishing emails, how to recognize and report them. (Be wary of emails from unfamiliar sources and "urgent" requests for money.) Signs of a phishing email include slight changes in address, requests to click a link or open attachment, misspelled words and messages that don't use your name.
- Test and review backup an recovery systems. Know how long it takes to be back online.
- Review and test your incident response plan. Be sure everyone knows how to respond to a breach (including contacting your Cyber insurer)
A final note: Frequent readers may wonder why I keep returning to this subject. Reread the first paragraph; as long as the statistics don't change I'll keep posting.
I encourage you to schedule a quick 10 minute call today with our Risk Management expert, Steven Sharkey to learn more about how you can better protect your business from potential cybersecurity threats.