Today is World Backup Day, a day dedicated to protecting your vital information by backing up all critical files, and locking them away from scam artists and hackers. That has never been more important than it is now. Last year, we saw cybercriminals seizing a massive business opportunity. Our rapid shift to working from home due to COVID-19 plus heightened financial, political, social, and emotional stressors presented a perfect storm.
That storm includes:
- The consumer-grade routers and electronics we use at home are inherently less secure than the centrally managed commercial-grade devices at our offices.
- Many home networks are already compromised. In April 2020, BitSight found that 45% of companies had malware originating from an employee’s home network.
- Social engineering hacks like phishing, vishing, and smishing thrive when victims are preoccupied or fearful.
Our organizations became very vulnerable very suddenly, and bad actors did not hesitate to cash in. In March alone, scammers ramped up COVID-related phishing scams by 667%. Overall, the Federal Bureau of Investigation’s (FBI) Internet Cybercrime Complaint Center (IC3) saw a 400% increase in reported cyberattacks in 2020.
While the events of last year presented a unique scenario for all of us, the swift and aggressive response from bad actors is indicative of a trend that will, unfortunately, persist: Cybercriminals have organized themselves into a successful enterprise that continues to innovate and evolve for maximum profit.
And that profit is sizable. According to a March 2020 study by Atlas VPN, cybercriminals bring in over $1.5 trillion per year in revenue—more than Facebook, Walmart, Apple, Tesla, and Microsoft combined.
Why Does It Matter?
Our only option when it comes to mitigating (not eliminating) the risk of a breach is to match ever-evolving threats with ever-evolving security strategy.
Cyber defenses cannot be “set and forget” anymore; while antivirus software, firewalls, and active monitoring tools are essential components of those defenses, they are no substitute for human vigilance.
Not only that, but our concept of vigilance must recognize the potential for highly sophisticated cyber breaches that span weeks or even months. Instead of snatching valuable data in discrete intrusions, cybercriminals are siphoning them off via prolonged, methodical interactions with victims. One popular scam works like this:
- The bad actors identify who in your organization processes payments.
- They gain access to that person’s e-mail account, generally through a standard phishing e-mail.
- They monitor the e-mail account over a period of time to identify high-dollar vendors.
- They craft a spoofed domain and impersonate that vendor (think email@example.com).
- The target receives an unassuming e-mail from the “vendor” with instructions to remit future payments to a new account (guess whose).
- The target continues paying the fraudster until you or your vendor realizes the mistake.
These targeted exploits cost U.S. victims roughly $1.7 billion in 2019—up 33% from 2018.
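A defender's check for the spoofed-vendor step of the scam above, as an added example that is not part of the original article: it flags sender domains that closely imitate a known vendor and escalates when the message also asks to change payment details. The vendor domains, trigger phrases and distance threshold are constructed assumptions to tune for your own accounts-payable mail flow.

```python
import re

# Assumption: domains of vendors your accounts-payable team actually pays.
KNOWN_VENDORS = {"acme-supplies.example", "northwind-freight.example"}
# Phrases typical of a "remit future payments to a new account" request.
PAYMENT_CHANGE = re.compile(
    r"new (bank )?account|updated? (bank|remittance|payment) (details|information)"
    r"|change (of|in) bank", re.I)
# Character swaps often used in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s"})


def fold(domain):
    """Normalise common visual substitutions so 'acrne' compares equal to 'acme'."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance using the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the vendor domain that `domain` imitates, or None."""
    domain = domain.lower()
    if domain in KNOWN_VENDORS:
        return None  # exact match: the genuine vendor domain
    for vendor in KNOWN_VENDORS:
        # Threshold of 2 suits long domains; lower it for very short ones.
        if fold(domain) == fold(vendor) or edit_distance(domain, vendor) <= 2:
            return vendor
    return None


def triage(sender, body):
    """Classify one inbound message as 'ok', 'lookalike' or 'hold-payment'."""
    vendor = lookalike_of(sender.rsplit("@", 1)[-1])
    if vendor is None:
        return "ok"
    return "hold-payment" if PAYMENT_CHANGE.search(body) else "lookalike"
```

A "hold-payment" result is the point to confirm the change with the vendor through a phone number already on file, not one taken from the e-mail.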
Attacks like this harm your business in two ways:
- Directly: In addition to funds stolen by a hacker, you may incur ransom payments, downtime while your data are recovered, and steep labor costs for emergency IT support. In the case of ransomware attacks, the average downtime is 19 days, and costs to remediate average $730,000 for those who don’t pay the ransom and $1.45 million for those who do.
- Indirectly: Your reputation takes a hit when news of a breach gets out (every state government requires some form of disclosure). Cybersecurity audits are becoming a popular precursor to business engagements and memberships, and 38% of businesses report losing customers because of real or perceived gaps in their cybersecurity posture.
While there will never be a silver bullet when it comes to cybersecurity, it’s imperative we adapt both our defenses and our mind-set to best protect ourselves in this new landscape….
Source: HR Daily Advisor