For most, the month of October is all about goblins and ghouls, but there is another part of October that most do not know about (at least those not in the industry!). October is Cyber Security Awareness Month. National Cyber Security Awareness Month (NCSAM) was started by the National Cyber Security Division within the Department of Homeland Security and the nonprofit National Cyber Security Alliance. The entire month of October is dedicated to raising awareness about the importance of cybersecurity.
Since Halloween is right around the corner, let’s start off with a few scary cybersecurity statistics!
• According to Accenture, 68% of business leaders feel their cybersecurity risks are increasing.
• According to a study done by the University of Maryland, hackers attack every 39 seconds, on average 2,244 times a day!
• In a recent study conducted by IBM, the average time to identify a breach in 2019 was 206 days. In that same study, IBM also discovered the average lifecycle of a breach was 314 days (from the actual breach to containment).
• Ignorance is bliss, but not in this case! According to Varonis, 64% of Americans have never checked to see if they were affected by a data breach and 56% of Americans do not even know what steps to take if they were affected.
• Verizon’s most recent report states that 34% of data breaches involved internal actors (also known as Rogue Employees).
• According to Symantec Security Center, IoT devices experience an average of 5,200 attacks per month, 61% of organizations have experienced an IoT security incident, and 48% of malicious email attachments are office files.
• A study conducted by SafeAtLast found the average cost of a ransomware attack on businesses in Q2 of 2020 was $178,254. Downtime from ransomware events is now averaging 16 days (that’s more than two weeks of business interruption!).
• There was a 239% increase in ransomware attacks reported by Beazley clients alone, between 2018 and 2019.
• According to Verizon, 43% of breach victims were small businesses (that number is expected to significantly increase by the end of 2020), and Financial and Manufacturing services have the highest percentage of exposed sensitive files.
• Smaller organizations (1 – 250 employees) have the highest targeted malicious email rate according to Symantec Security Center.
• Supply chain attacks are up 78% in 2019 (and this number is expected to grow exponentially in 2020) according to Symantec Security Center.
• Damage related to cybercrime is projected to hit $6 trillion annually by 2021 according to Cybersecurity Ventures.
• COVID-19 related topics in phishing emails are targeting remote workers. With more people working in less secure cybersecurity environments, attacks are more successful.
If these statistics have spooked you, I have done my job in raising awareness! There is some good news to this blog too. There are some cyber safety tips your organization can follow to help prevent cybersecurity attacks. But remember, the cybersecurity industry is changing frequently, and hackers are always one step ahead of the game. It’s not “if” your organization experiences some type of cyber-attack, but “when”. And when it happens, preparedness will go a long way.
Make sure your organization’s software systems are up to date and use a good anti-virus system. Have your employees do quarterly cybersecurity training, so they are proficient at identifying suspicious emails and recognizing signs of a breach. Scrutinize all electronic requests for a payment or transfer of funds, and be extra suspicious of any message that urges immediate action. Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.
Ensure your organization is prepared for what to do in the event of a breach. Identify what data the organization has, and what is considered private information. Where is this information stored? Is it in a secure location (stored electronically or in a physical location)? Who has access to this information, and of all the individuals who have access, do all of them need that access? Outline an incident response plan for your organization. Outline the primary and secondary team members who are the points of contact and how to contact them in the event of a breach (making sure email is not the only point of contact). The team should include both internal and external members (refer to your Cyber Liability insurance policy for points of contact for external members such as IT forensics, restoration, legal, etc.). The internal team should consist of IT, legal, human resources, finance, and any internal risk management team members. Do not make your plan too extensive: in the event of a breach, you do not want to waste precious time reading pages upon pages of a breach response plan. Most importantly, do not store this plan electronically! In the event of a breach, also log and maintain charts, keeping track of times, key dates of discovery, etc.
WA Group plays an active role in the insurance industry, helping organizations place Cyber Liability coverage that complements an organization’s needs while ensuring the coverage fits their exposures. WA Group is here to help you determine your exposures and your need for coverage (if you do not currently have coverage), and will answer any questions along the way!