This article was updated August 2018.
Cybersecurity breaches are often a result of improperly secured systems and a lack of user education and awareness—which means they can often be prevented with a more stringent cybersecurity strategy.
In 2017, there were more than 1,500 data breaches affecting 178 million records reported in the United States, according to the Identity Theft Resource Center. This represents a 44.7% increase compared to 2016. As of July 2, 2018, there were 668 reported breaches affecting 22.4 million records.
It’s important to note that these breaches aren’t only happening to large organizations. They’re also happening to small and mid-sized organizations, as attackers begin to target these entities more frequently due to their lack of sophisticated security controls.
Most reported breaches are due to hacking, email phishing, or malware, especially ransomware. In fact, ransomware, whereby an attacker locks or encrypts a victim’s data until a payment is made, has become one of the biggest threats facing businesses and other organizations today. Statistics from the 2017 Kaspersky Security Bulletin show that a company is hit with ransomware every 40 seconds, which is up from every two minutes in early 2016.
One of the main delivery methods of a ransomware attack is through email phishing, which is a social engineering technique that uses email to deceive end users into providing sensitive information, such as:
- Social Security numbers
- Payment card information
A phishing email will typically use a Word, Excel, or PDF attachment to carry the ransomware program; once the attachment is opened, it infects the target’s computer. Some ransomware variants, such as WannaCry and Petya, were able to infect multiple systems at once and disable an organization’s operations for days, and sometimes even weeks.
The average payment is around $522 for victims who pay the ransom, according to the 2018 Symantec Internet Security Threat Report (volume 23); however, the costs can escalate quickly for larger organizations when multiple systems become infected.
But it isn’t just the ransom paid that can be costly. The city of Atlanta spent over $2 million to fully recover its systems from a ransomware attack in 2018. Regardless of whether an organization pays the ransom, the amount of time and money it takes to recover from these types of attacks can be crippling.
Protect Your Organization
So how do individuals and organizations protect themselves? The answer is part training and part technology.
The main reason ransomware attacks are so prevalent and successful is that end users, lacking education and cyber-awareness, unknowingly open infected emails and attachments, making these users the weakest link in any security program. As such, organizations can benefit from investing in training for these end users.
Awareness training is a necessary first step in any security program, yet many organizations don’t take it. This is often because it requires time and resources to establish and commit to a training program as well as the backing of an organization’s governing body, management, human resources department, and IT—which can sometimes overwhelm organizations.
Organizations should consider providing security awareness training for every new hire and instituting an annual refresher course for all employees. It’s imperative that organizations also employ other methods, such as a monthly email reminder or awareness posters in the break room, to frequently remind end users about safe computing habits.
Organizations must work to ensure their IT systems are current and include rigorous protections to deter and detect attacks, such as:
- Network infrastructure design and perimeter protections
- Anti-malware and data leakage strategy
- Security information and event management solutions
- Incident response procedures
- Backup and restoration processes
Once these systems are in place, organizations stand to benefit from having them tested annually by an independent and qualified third party to help make sure they’re implemented properly.
It takes time and commitment to provide the training and technology to protect an organization, but when done properly, it can greatly reduce the risk of a cybersecurity breach stemming from a ransomware or phishing attack.
We’re Here to Help
For more information on how to improve cybersecurity at your organization, contact your Moss Adams professional.