Cyberattacks continue to impact businesses like yours because of the levels of sophistication, and lack of awareness of how at risk you really are.
Many businesses we talk with still think that “it won’t happen to us because we’re protected”.
Wrong, wrong, wrong!
Here are some very humbling statistics (out of many) reported from various sources in the past year:
- The likelihood that a cybercrime entity is detected and prosecuted in the U.S. is estimated at around 0.05 percent. (World Economic Forum)
- 64 percent of Americans have never checked to see if they were affected by a data breach and 56 percent of Americans don’t know what steps to take in the event of a data breach. (Varonis)
- 95 percent of cybersecurity breaches are caused by human error. (World Economic Forum)
- 54 percent of companies say their IT departments are not sophisticated enough to handle advanced cyberattacks. (Sophos)
- Approximately 70 percent of breaches in 2021 were financially motivated, while less than five percent were motivated by espionage. (Verizon)
- The average ransomware payment rose 72% over the last year, not including additional mitigation costs.
Repeat this statement to your boss over and over until it’s clearly understood: A financially motivated cyberattack on your business will happen, it will cost you, and it’s only a matter of when and what you will be able do about it when it actually happens to you.
Any business that sends email, connects to the Internet, or uses cloud-based software applications is at equal risk of being attacked. The ONLY protection from this is a strong cybersecurity IT solution to keep their business running.
At Cooperative Systems, we’ve worked firsthand with hundreds of cybersecurity IT solutions over the past three decades and believe it or not, the basics of an attack are still the same.
Successful cyberattacks almost always begin with a weak link in the chain using a form of social engineering, involving malware or compromised credentials, followed by hacking and payload delivery.
Based on recent trends, in 2023, we are most certainly going to see attackers using more advanced techniques, gaining crucial information from Internet Access Brokers (IABs) who specialize in selling remote access to criminals who then gain access, perform discovery, and mimic internal employees to invoke clever social engineering techniques, exploiting and coercing unknowing victims to provide highly confidential information and financial assets from within the company network.
Through fileless attacks, threat actors can evade detection by avoiding “known bad” indicators and now even application whitelisting even fails to restrict malicious users, especially for business applications.
Another disturbing trend is that we are also seeing an increase in rogue (often disgruntled) employees within the company becoming involved as they are incentivized by the attackers to assist in committing the crime.
[HINT: It’s NOT 2015 anymore!] Today’s most recommended Cybersecurity IT Solutions for Hartford and New England businesses
Don’t assume the security measures you put in place several years ago are going to be effective because this is where many companies fail and make themselves vulnerable.
IT companies such as Cooperative Systems can be hired to perform a review of your cyber resilience to help update your defenses and reduce your overall exposure to a financially harmful ransomware attack.
Here is a brief overview of best practices for small companies wanting to improve their security posture. At a minimum, a strong cybersecurity IT solution encompasses the following components:
- Implementing strong security policies including passwords, access policies, tabletop exercises, third party due diligence, and cyber-liability insurance
- Securing your network perimeter including firewalls and website security
- Monitoring your network including Active Directory and lateral movement prevention
- Protecting your endpoints including antivirus, email filtering, endpoint security, and malware detection
- Updating all applications including DevOps policies, patching and protecting management tools
- Protecting your aata including Personally Identifiable Information (PII), Backups, and Disaster Recovery Plans
Tactics to improving cybersecurity in 2023
Here are some steps that organizations with fewer resources can take to protect themselves and increase the chance of detecting anomalous activity before it becomes a disaster.
- Using behavior-based detection over signature-based detection tools
- Taking proactive approaches such as attack simulation and security control validation
- Implementing zero trust practices such as multi factor authentication and least-privilege access
- Putting a stronger focus on mitigating insider threats – making the assumption that the insider could be the attacker mimicking an employee
- Conducting regular threat hunting with Managed Detection and Response (MDR) solutions
While I could write several more pages and go into much deeper technical detail to explain the cybersecurity IT solutions of tomorrow and why you should consider them, not all SMBs have the same risk profile, so there is no one-size-fits-all answer for SMBs.
For businesses in the metro Hartford and Boston area, Cooperative Systems will walk you through a business aligned approach to your security posture and help you navigate through the 2,000+ product labyrinth of cybersecurity IT solutions available today.