The latest information and business security report from global insurer Hiscox is full of startling revelations. The report finds that over a fifth of companies operating in the US and Europe are on the brink of bankruptcy due to the incessant spate of cyber attacks. Even several small and medium-sized businesses in India have lost up to Rs 7 crore due to cyber attacks in the last year. These strikes, orchestrated by criminal masterminds around the world, have continued to multiply in recent years as the pandemic has further catalyzed targeted attacks in key industries. There is an urgent need for a comprehensive, 24/7 risk mitigation framework, and organizations are beginning to realize this chilling reality.
With both costs and the threat matrix growing at a rapid pace, even a standard investment in improving your organization’s cybersecurity architecture can work in your favor. However, the key is to invest in the right cybersecurity tools that can effectively manage and neutralize cyberattacks on a day-to-day basis.
A Barracuda report found that 87% of Indian companies have had security breaches at some point, while 79% of them suffered at least one ransomware attack in 2021. The study also found that employees who mostly work from home had a significantly higher rate of network security breaches. In fact, companies in India that primarily operated with a “work from home” model had a network security breach rate of 91%, compared to 86% in companies that predominantly encouraged their employees to work from offices.
It’s no surprise that companies are losing vast amounts of capital to attacks. A recent IBM report concluded that the average cost of a data breach has now passed a record $4.2 million. Major incidents result not only in tangible costs like third-party forensics, IT overtime, and regulatory fines, but also in potential legal costs, customer churn, and reputational damage. The report points out that there are other important financial implications that SME owners may not immediately consider, such as:
- The cost of notifying customers after an incident
- Significant difficulty in attracting new customers
- Loss of business partners
Organizations are also acknowledging the fact that working remotely during the pandemic has made them more vulnerable to cyberattacks. Employees working from home were more prone to click phishing links and engage in other risky behaviors, and many organizations were forced to invest in more cloud infrastructure during the pandemic. At the same time, the use of remote access infrastructure such as Remote Desktop Protocol (RDP) also multiplied and was abused by threat actors. These trends are in sync with the top attack vectors that appear in the report.
It is evident that organizations need to respond to these attacks by finding a more efficient way to protect against email-based social engineering attacks and misconfigured and unpatched cloud and remote access infrastructure.
Here are some cybersecurity best practices that may prove helpful in neutralizing key attack vectors:
- Comprehensive email security including advanced phishing and identity protection
- Security awareness training to empower employees to detect social engineering attempts more effectively
- Multi-Factor Authentication on all sensitive cloud, RDP and local accounts
- Streamlined cloud-enabled remote access for employees, which is an improvement over older VPNs
- Incident response planning and regular testing
- Continuous cloud monitoring and remediation to ensure security policy compliance
- Web application firewalls to mitigate the risk of exploitation of security vulnerabilities
- Cloud-enabled firewalls to block zero-day and other attacks
- Regular backups, including an external, offline copy
- Cyber insurance. Although premiums are increasing rapidly, companies with best-practice security controls may be able to get better deals and higher coverage
Cyberattacks are nothing short of a dragon-level threat to countless businesses. Therefore, investing the necessary time and resources to avert these eventualities and keep cyberattacks at bay is imperative.
The views expressed above are the author’s own.