Do you get the uneasy feeling that your company’s cybersecurity risks have increased over the last year? If so, you’re right.
Not only are cyberattack volume and sophistication increasing, attack surfaces — what’s being attacked, how, and why — are also growing. Dramatically.
The luck of the little guy is fading fast
According to one insurer, 47% of smaller businesses have suffered a cyberattack in the last year — and nearly half of those experienced multiple cyberattacks. Midmarket companies fare even worse: some 53% have experienced a data breach.
Don’t believe your firm’s smaller size helps it dodge cyberattacks — especially if you have relationships with large enterprises. Attackers now see small/midmarket businesses as soft-target conduits into their larger partner companies. If you haven’t been attacked yet, either you’re lucky or you haven’t yet discovered the breach.
And if your enterprise has been one of the unlucky, you know that coping with a cyberattack/data breach isn’t cheap. Some 54% of cyberattacks cost more than $500,000 — an amount that can destroy even a robust midmarket firm.
What to worry about most
Chief among the cyberthreats currently keeping IT decision-makers up at night are:
Spear phishing attacks targeting employees
At least 90% of cyberattacks stem from phishing emails, malicious attachments, or weaponized URLs. A survey conducted at the 2017 Black Hat conference found that 62% of respondents expect AI/machine learning to soon be used in cyberattacks.
Malware (via advanced persistent threats) and web-based attacks
Malware is evolving — fast. Some malware can elude sandboxing environments; some uses encryption to evade detection. Software and hardware supply chains are vulnerable, as are IoT (Internet of Things) devices. Self-propagating malware is so dangerous it has the potential to take down the internet.
Ransomware to cryptojacking
Despite the large volume of incidents, cybersecurity risk experts increasingly view the ransomware threat as diminishing somewhat as cyberattackers focus instead on more profitable and harder-to-detect cryptomining/cryptojacking — the illicit mining of cryptocurrency through infected individual machines. Without the right cybersecurity technologies in place, the only indication you may have that your devices have been cryptojacked is slowing system performance.
What can help you
In 2019, genuinely effective cybersecurity is a cost of doing business. It requires commitment from all stakeholders, employees, and partners, beginning with careful security planning and policy, extensive and ongoing employee training, and the continuous embrace of leading-edge cybersecurity expertise and technologies, which are often cloud-based.
If you lack cybersecurity expertise and technologies, get them now. Best bet: seek out an experienced, reliable managed security services provider with a track record of staying ahead in the cybersecurity arms race.
In my next post, I’ll describe five key cybersecurity capabilities you’ll need this year to stay in business. The good news: the right managed security services provider can deliver them all.