If 2020 was the year of the pandemic, it was also the year of the cyber attack. The two are connected in that the rapid move to remote work increased the risk of cyber attacks. However, as pointed out in a post by security firm Halock, the increase was also the result of long-standing inadequate security practices.
Admittedly, 2020 was a bad year for cyber attacks:
- According to VMware Carbon Black, 91% of enterprises worldwide experienced increased attacks.
- Banks had a 238% increase in attacks.
- There were nine times as many ransomware attacks as in 2019.
- 16 billion records were exposed in the first half of 2020, compared to 4.1 billion in the first half of 2019.
- In the first six weeks of lockdown, attacks on home workers rose fivefold.
- Phishing attacks rose 667% in the first quarter of 2020.
These increases are at least partly due to poor security. There are an estimated 300 billion passwords in use; a single employee could have 90 personal and business password-protected accounts. However, 28% of American adults use the same password for all their accounts. (The post did not say what percentage of these single-password users use "password" as their password.) Since 94% of malware is delivered by email, this is a major problem.
As an example of lax security in an entire industry, healthcare experienced a 350% increase in ransomware attacks in the 4th quarter of 2019. 75% of healthcare entities did not adequately scan and filter emails, and they are 14% less likely to use any form of email authentication.
Companies are introducing innovation faster than they can secure it. To keep pace with threats, organizations need:
- Regular penetration testing.
- Sensitive data scanning.
- An incident response plan.
- A managed detection and response program.
Use a security professional to help set up these programs.