October is Cybersecurity Awareness Month and a good time for businesses to review their risk management plans, especially when it comes to cybersecurity with some estimates that businesses suffered 50 percent more cyberattacks per week in 2021.
Cyberattacks reached an all-time high in the fourth quarter of 2021, jumping to 825 a week per organization, according to Check Point Research data.
“Cyber-attacks on all businesses, but particularly small to medium-sized companies, are becoming more frequent, targeted, and complex,” writes cybersecurity expert Chuck Brooks. “Because of the new digital cyber risk environment, a security strategy for risk management is imperative.”
The White House’s 2022 Cybersecurity Awareness Month proclamation reminds people that cybersecurity is not limited to government or critical infrastructure, but that hackers target Americans and businesses every day.
“Cybersecurity is about protecting the American people and the services we rely on,” said President Joe Biden. “During Cybersecurity Awareness Month, we highlight the importance of safeguarding our Nation’s critical infrastructure from malicious cyber activity and protecting citizens and businesses from ransomware and other attacks. We also raise awareness about the simple steps Americans can take to secure their sensitive data and stay safe online.”
Since 2004, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) have led a joint effort between industry and government to raise cybersecurity awareness nationally and around the globe.
“The month is dedicated to creating resources and communications for organizations to talk to their employees and customers about staying safe online,” said the NCA. “Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact … with the overarching theme for 2022: See Yourself In Cyber.”
The NCA says that cybersecurity need not be a complex and perplexing endeavor.
“It’s easy to stay safe online. While most of the cybersecurity news articles are about massive data breaches and hackers, it can seem overwhelming and feel like you’re powerless against it,” said the NCA. “But Cybersecurity Awareness Month reminds everyone that there are all kinds of ways to keep your data protected. It can make a huge difference even by practicing the basics of cybersecurity.”
The 2022 Cybersecurity Awareness Month campaign is highlighting four behaviors that can help strengthen digital security:
Cybercrime is costing businesses trillions of dollars each year with some predicting a worldwide total drain of $10.5 annually by 2025.
“If it were measured as a country, then cybercrime would be the world’s third-largest economy after the U.S. and China,” wrote Cybercrime Magazine editor-in-chief Steve Morgan in 2020.
Morgan says that the damage cost estimation of $10.5 trillion is based on historical cybercrime figures including recent year-over-year growth, the dramatic increase in nation-state-sponsored and organized crime hacking activities, as well as the continued digital transformation around the world.
Cybercrime costs include, according to Morgan:
Chuck Brooks in his mid-year 2022 cybersecurity report for Forbes notes that “despite another record year of breaches including Solar Winds, Colonial Pipeline and others, half of U.S. businesses still have not put a cybersecurity risk plan in place.”
This news also comes on the heels of research that shows in 93 percent of cases, an external attacker can breach an organization’s network perimeter and gain access to local network resources.
The damage that cybercriminals wreak on businesses can be devastating with the FBI reporting that since 2016, some $43 billion has been stolen through business email compromise.
“Worryingly, there has been a 65 percent increase recorded in identified global losses between July 2019 and December 2021. The report suggests that this increase can be “partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic” with many workers forced to do their jobs remotely,” reported Tripwire.
FBI recommends:
Chuck Brooks, this time writing for Homeland Security Today, says that there are several encompassing security strategies to evaluate, depending on your business’s requirements and threat posture.
“In our current digital environment, every company is now a reachable target, and every company, large or small, has operations, brand, reputation, and revenue pipelines that are potentially at risk from a breach,” writes Brooks. “Executives can no longer view security, both physical and cyber, as a cost accounting item. It needs to be prioritized as an investment in people, processes, and technologies. It really needs to be part of the company culture from top down.”
Brooks recommends the following strategies for cyber risk management:
“These three pillars of cybersecurity risk management need not stand alone. In fact, they all should be incorporated together in a cybersecurity framework strategy to identify gaps, mitigate threats, and build resilience in the case of an inevitable cyberattack,” concludes Brooks.
The recommendation(s), advice and contents of this material are provided for informational purposes only and do not purport to address every possible legal obligation, hazard, code violation, loss potential or exception to good practice. Dean & Draper Insurance Agency specifically disclaims any warranty or representation that acceptance of any recommendations or advice contained herein will make any premises, property or operation safe or in compliance with any law or regulation. Under no circumstances should this material or your acceptance of any recommendations or advice contained herein be construed as establishing the existence or availability of any insurance coverage with Dean & Draper Insurance Agency. By providing this information to you, Dean & Draper Insurance Agency does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.