It’s the stuff of IT managers’ nightmares, and it is coming to a server near you: ransomware attacks, phishing schemes, privacy breaches, and other yet-to-be-imagined cyber threats aiming to pilfer the sensitive data stored on your IT systems.
Cybercriminals target large companies like Microsoft, Equifax, Expedia, and Barnes & Noble, to mention just a few big victims from 2020. Also in 2020, a researcher discovered more than 260 million Facebook accounts for sale on the dark web.
Smaller businesses are targets too, especially for ransomware and phishing attacks. Statista reports that there were 1,001 data breaches in the United States alone in 2020, exposing more than 155.8 million clients and customers who assumed their information was stored securely.
What’s the cost of a cybersecurity breach?
The cost to the individual consumer is mostly measured in annoyance: yet another new credit card issued because of identity theft, then repeatedly going through old billing accounts to update payment information. It’s tiring.
The cost to a major retailer or a healthcare provider, however, is measured in the millions, including state and federal fines if the business wasn’t in compliance with laws relating to data privacy and disclosure of privacy breaches.
Mavon Insurance compiled a list of some of the biggest payouts, settlements and fines associated with cybercrime. In 2014, for example, Home Depot paid $200 million to financial institutions and customers, plus state-issued fines, when its point-of-sale system was breached. Uber paid $148 million in fines in 2016 when cybercriminals broke into the company’s IT systems and stole data from riders and drivers. The fine was imposed because Uber didn’t follow reporting laws.
The loss of reputation and goodwill after a cyberattack lasts for a long time, and it’s well known that consumers avoid a retailer that was hacked because it didn’t have proper, updated cybersecurity measures.
According to IBM’s 2020 data breach report, the global average cost of a data breach is $3.86 million. The healthcare sector sits at the highest end, with an average of $7.13 million for each breach.
Let’s not forget that organizations that don’t implement data protection measures to protect customer data, intellectual property, or other sensitive information — such as by meeting NIST standards — may simply lose their competitive edge over time.
Firewalls have gotten so much better: do smaller businesses really have to worry about this?
Yes, they do. Cybercrime and scams are on the rise, targeting anyone from banks to social media platforms, as well as big and small privately held companies. When COVID emptied offices and sent employees to work from home in 2020, cybercriminals ramped up attacks on VPNs and other remote connections, which are especially vulnerable to security breaches.
In 2018 there were more than 6,500 publicly disclosed data breaches. In 2020, according to TechRepublic, that number fell to 3,932, but the number of exposed individual records grew by 141 percent, to 37 billion. It’s likely that centralized storage, cloud services, and slowly evolving cloud security contributed to the high number of records.
Cybersecurity professionals agree that run-of-the-mill antivirus software is no longer sufficient to assure network security even for small businesses.
It’s time to invest in the best cybersecurity you can afford.
How did it get to be this bad?
Many developments brought us to this place of increased cybersecurity risk, and that’s why it’s so important to take the matter seriously. New technologies like machine learning and changes in how we use mobile devices are some of the reasons why cybersecurity threats loom for companies of all sizes.
Here are some reasons why cyberthreats are rampant and cybercriminals are often successful:
- More sophisticated cyberattacks: spyware, ransomware, and phishing scams have gotten very good at breaching data security measures.
- More sophisticated social engineering: social engineering attacks have become very sophisticated, and once a hacker is inside and the malware is installed, the use of artificial intelligence to flood servers and IT systems can lead to much more damage, much more quickly.
- Increase of hacking tools: The availability of hacking tools and programs means that even unskilled hackers can successfully breach corporate computer systems. The New York Times recently reported that ransomware software packages can now be purchased on the dark web, just like you’d purchase a piece of ordinary software online.
- The Internet of Things (IoT): More devices than ever are connected to the internet; estimates indicate that there will be 27.1 billion connected devices worldwide by 2021. If those devices aren’t secured properly, cybercriminals can exploit IoT device vulnerabilities to hack into a company’s systems and steal sensitive data.
- Remote work: The increase in the number of remote workers has not always been reflected in a company’s risk assessment or risk management policies. Remote work brings different security risks to businesses, which perhaps never before had to consider remote cybersecurity solutions.
- Free Wi-Fi: The proliferation of free Wi-Fi access at stores, malls and offices also demands a heightened level of IT security well beyond strong passwords.
Cybersecurity and compliance management tools
ZenGRC’s compliance, risk, and workflow management software is an intuitive, easy-to-understand platform that not only keeps track of your workflow, but also lets you find areas of high risk before that risk has turned into a real threat.
Worry-free compliance management is the Zen way. For more information on how ZenGRC can enable your CMS, contact us for a demo.