Hacking Victims are Uncovering Cyberattacks Faster Than Ever—Here’s How
If you asked the average person how big of a problem cybercrime is, many wouldn’t put its size at a global price tag of $1.5 trillion. The ill-gotten profit from ransomware attacks, data breaches, theft of intellectual property, and other illicit activities has created an entity larger than the combined revenues of Facebook, Amazon, Apple, Netflix, and Google over the last twelve months!
Cybercrime is a massive enterprise and much more than script kiddies and “hackers in hoodies.” Cybercrime is used by organized crime, terrorists, and even less than friendly governments.
Need proof? The U.S. authorities have charged four Chinese military officers for the massive and highly publicized breach of Equifax, where the records of nearly 147 million people were compromised, in 2017.
And while the data breaches like the one at Equifax (2017), or Adobe (2019) that left 7.5 million Creative Cloud user records exposed seem to get the most press, it is the smaller, less talked about ones against government agencies and healthcare facilities that are possibly more hair raising.
In two lesser-known cases:
- Washington-based Grays Harbor Community Hospital and Harbor Medical Group were infected by ransomware, and hackers demanded a payment of $1 million to unlock their data. The total cost of the attack was undisclosed
- Twenty-two local governments in the state of Texas fell victim to a coordinated ransomware attack. The hackers demanded a $2.5 million ransom, which the state refused to pay. Remediation costs approximately $12 million.
Everything Is Escalating
Industry Week reported a massive increase of cyber-attacks in 2018, with ransomware attacks increasing 350 percent and spear-phishing attacks up 70 percent. Part of the reason for the rise in attacks is the ever-increasing “surface” available for hackers to exploit. There’s an exponentially growing number of global endpoints touching all facets of our lives, interconnected by an ever-expanding ocean of bandwidth, across wired and wireless networks (both WiFi and cellular), and the advent of powerful technologies like 5G, AI and machine learning.
Unfortunately, businesses, especially SMBs, have finite resources, and trade-offs must be made between investing in growing the business and investing in things like cybersecurity to protect the company.
This trade-off mindset is evident in a survey from McKinsey on how executives perceive cyber risks. More than half of the respondents believed that cybersecurity is a strategic risk for their companies. Yet, while more than most of the participants acknowledged that cyber is a strategic risk, most companies surveyed reported their capability to manage cyber risk was “nascent” or “developing.”
How Do The Good Guys Keep Up
So, in the face of all technological change, how do you keep up with it? And do you have any shot at protecting your data assets? PhoenixNAP, a global IT services provider, gathered over 30 expert predictions on cyber security that can help you prepare for cybercrime.
Like many aspects of business, the answer is in people, processes, and tools. Cyber Hygiene (which coincidently is number seven on the PhoenixNAP list) blends all three of these areas and is a solid foundation that could potentially stop “80 percent of all cybersecurity threats.”
Cyber Hygiene is defined as “the practices and steps that users of computers and other devices take to maintain system health and improve online security. These practices are often part of a routine to ensure the safety of identity and other details that could be stolen or corrupted. Much like physical hygiene, cyber hygiene is regularly conducted to ward off natural deterioration and common threats.”
A few key steps to implement a cyber hygiene program include:
- Document all current equipment and programs
- Hardware and peripherals or accessories
- Software and applications
- Analyze the list of equipment and programs
- Scrutinize for vulnerabilities
- Responsibly dispose of unused or obsolete equipment
- Consolidate programs to eliminate redundant functionality
- Create a cyber hygiene policy
- Password changes
- Hardware and software updates
- Limit user access to what the person needs for their position
- Backup data
- Employ a cybersecurity framework
And How They Get Ahead
One of the ways organizations get and stay ahead with a cyber hygiene program is through the use of an endpoint detection management system. Best in class management detection is cloud-native and combines advanced prevention, detection, and response capability across all endpoints on the network. The ability to monitor all endpoints from a single console, allows the security operations center (SOC) to stop known and unknown threats through big data analytics, and seamlessly unify with the rest of the security stack.