As we look back at the year that was, we can say that it was one for the record books in more ways than one. The challenges that companies were forced to deal with were unique and unprecedented. The rapid move to move workers off premise and the rapid adaptation to remote work methodologies opened the door to a colossal increase in cyber attacks. It was a rate of acceleration that no one saw coming.
- According to VMware Carbon Black, 91 percent of enterprises across the globe experienced an increase in cyberattacks this year
- Covid-19 is blamed for a 238 percent surge in cyberattacks against banks as well as an increase of ransomware attacks by 9x compared to 2019
- 16 billion records were exposed in the first half of 2020, a 273 percent increase over the first half of 2019 that saw 4.1 billion
- Attacks targeting home workers rose five-fold in the first six weeks of lockdown
- Phishing attacks rose 667 percent in the first quarter of 2020
Don’t Just Blame it on Covid-19
While the surge in cyberattacks can be attributed to the events of 2020, the root of the problem lies in the continued lack of preparedness of people and individuals. Take the fundamental issue of passwords for instance. It is estimated that there are 300 billion passwords being used by both humans and machines in 2020. Now consider that the average Fortune 500 employee has as many as 90 personal and business password protected accounts. Despite the complete reliance on passwords, 28 percent of American adults use the same password for all accounts.
This is a problem because 94 percent of malware is delivered by email, which is too often protected solely by password authentication. But it goes even beyond password indolence. Take the healthcare sector for example. That industry experienced a 350 percent increase in ransomware attacks in the 4th quarter of 2019. Yet a study showed that 75 percent of healthcare entities do not use adequate email scanning and filtering tools and practitioners are 14 percent less likely than average to use the most basic forms of email authentication. In addition, healthcare facilities are far more likely to continue the practice of the remote desktop protocol, which has always been a targeted vulnerability for ransomware perpetrators. This is but one industry example of how companies are still unprepared for even the most basic of threats.
Keeping Pace with Innovation
If anything, 2020 spotlighted a blaring reality that companies are introducing innovation faster than they can secure it. This has actually been a fact for years that was greatly accentuated over the past nine months. This is why attack preparation is so imperative today. In order to stay ahead of the evolving threat landscape, you need to apply innovation to your cybersecurity efforts. This is where the value of a competent cybersecurity partner can come into play, one that keeps pace with cybersecurity innovation
Other Tools to Help You Prepare
Of course simply knowing what your risks are is not enough. You need a few other tools to be fully prepared in order to secure you, and then effectively react in the event of a cyber incident. Some of the recommended tools include the following.
- Regular Pen Testing by a qualified professional with extensive experience that can test the entire attack surface of your enterprise, both on prem and cloud. Even better is a Recurring Pen Testing Program to have an ongoing service to test your security controls.
- Sensitive Data Scanning in order to identify, inventory and categorize all of the sensitive data hosted in your network in order to assess what data is compromised or affected in the event of an attack. This is essential not just in the case of data breaches, but ransomware remediation as well.
- A thoroughly crafted Incident Response Plan that outlines the required actions that assigned job roles within the organization must undertake immediately following a cybersecurity incident. A recent study by the Ponemon Institute showed that organizations that had a tested incident response plan saved an average of $1.23 million. Having a proactive and ongoing incident response readiness strategy can help you prepare for all types of cyber security threats as they arise.
- An ongoing Managed Detection and Response (MDR) or Threat Hunting Program provides a consistent and steady review of your threat landscape for your industry and organization. It will provide insight on where to prioritize your efforts and plan of action to mitigate your risks.
Prepare to be Response Ready
If anything, 2020 showed us the clear advantage of being prepared and to have a continuous program in place to be ready for new threats and attacks. Review your risk profile and assess what security controls you should consider for your changing security posture. Start with a risk assessment, implement a Risk Management Program supplemented by proactive security solutions.