Evolving Cybersecurity standards - It's time to wake up

2021, what a year we are having already. Just when you thought it was safe to go back into the workplace...

If you haven’t seen or heard, cybersecurity standards and needs are changing as businesses change how they operate. We saw the adoption of mass remote working in 2020, and now, midway through 2021, a more hybrid approach (remote and office working) as businesses start to reopen their doors. If you keep up to date with cyberattacks, there certainly seems to be a direct correlation between the change in business operations and the number of cyberattacks that we are seeing.

Reports reveal that attacks involving usernames and passwords increased a staggering 450% in 2020 from 2019 

Of course, remote workers are not entirely to blame for the increased attacks that businesses experienced due to remote work; attacks were happening long before everyone was working from their bedroom/dining room table/sofa. Businesses had to think on the fly, and that usually leaves holes in whatever plan you work on. Lots of poorly considered guidelines and even poorer support for remote workers have also contributed to an increase in the number of cyberattacks directly associated with remote work.

205,000 businesses lost access to their files in 2020

How safe is your business network? Very few can answer that question. Why? Because it is not typically investigated. Networks, computers and tech are seen to...just work...until they do not, and then it is the end of the world. Sure, large companies typically have a security team or a large IT team that monitors and makes sure that everything is running well, but the Small/Midsize Business (SMB) market usually does not. In the SMB space, I find that most people are already doing 2/3/4/5 people's work and are already stretched thin; they cannot do any more than they currently do. That means there are lots of things that do not get focused on until it’s too late. It's commonly known that most cybercriminals access personal and business data by exploiting unsafe network connections, and this has really been amplified by enabling staff to access company records through their basic home Wi-Fi. Even worse, through a public Wi-Fi access point.

Mobile devices, who is making sure that they are being used properly, safely and securely?

We have also seen more and more personal devices being used to access company records. What are your company guidelines around what security should be in place on a mobile device before you access the company CRM solution? Do they even have any guidelines in place? We are finding that a lot are waking up or already have guidelines in place, but so many still do not.

68,000 new ransomware Trojans for mobile were detected in 2020

Ransomware seems to be the buzz topic of the moment, with major attacks happening daily/weekly. This is a serious concern. It is expected that, by the end of 2021, cybercrime will have caused damages of around $6 trillion, with most of that fortune being amassed by theft of data or locking systems and demanding a ransom to return the data or unlock the critical business system. Imagine everything you do on your computer today not being there tomorrow. How would you do your job?

A company will fall foul of a ransomware attack every 14 seconds

Cybercrime is not just happening to big companies; SMBs are a target too. Why? Surely the fortune is earned by bullying the massive companies? The SMB market, because of the above, makes it so easy for someone to break into its infrastructure and cause havoc. The SMB market accounts for 43% of all ransomware attacks, a massive share.

Ransomware-as-a-Service? Really? This can be purchased for as low as $175 if you know where to look.

Authentication is just one way of helping you lock down your systems and data. Make it as hard as possible for someone to get to your valuable data!

If you were not already worried, maybe you should be now? If you do not already have someone managing your company’s cybersecurity needs, it's time to wake up and get it sorted. There are many options. Sure, you can employ someone directly, have them join the company and have them manage everything, but that is not the only route to success. The rise of the Managed Service Provider (MSP), Cloud Service Provider (CSP) and Security-as-a-Service vendor means that there are now more options than ever to help you adopt a secure approach to business with data.

How to curb cybersecurity risks

First things first, you must develop and enforce a remote working policy that outlines the guidelines that everyone has to follow, and you have to be strong. The policy should include things like what systems can be accessed, what devices can be used, and easy to follow steps around how those devices are secured.

  • Remind your employees to keep their software updated. Seems simple enough, but so many machines are using outdated solutions. The main reason to update things is that the vendor has fixed things... like security holes!

80% of companies who had a data breach, or a failed audit could have prevented it by patching on time or doing configuration updates

  • Establish a secure and traceable authorisation system. Turn Multi-Factor Authentication (MFA) on!

99.9 percent of hacked accounts didn’t use MFA

  • Set up a VPN to provide an alternative IP address when your employees access your corporate network.

  • Have a strict set of cybersecurity policies and create guidelines demanding/helping employees to follow instructions to set up strong passwords for their accounts and home Wi-Fi networks.
  • Training. You must create an employee cybersecurity training program that helps your employees understand what actions they have to take when working remotely. Train them on the signs of common social engineering attacks (Phishing, Spear Phishing, Baiting, Malware, Pretexting, Quid Pro Quo, Tailgating, Man-in-the-Middle) and the steps they have to take to protect themselves.
  • Last, but not least, constantly review and measure your cybersecurity efforts. Cybercriminals are constantly changing and finding new ways of doing things. If you do not look to do the same, you leave yourself open to attacks and everything you have done is redundant. A good cyber resilience program is never complete, never finished. You must review constantly, or you will fall into the trap of so many others.

Of course, there is lots to think about here, but the general consensus is the same as it's always been: make sure that you are doing everything you can to protect yourself from the inevitable. Do not be like others who have learnt the hard way, after the event.

 I am always open to talking and helping and you can always find me via LinkedIn. If you want to start a conversation around cybersecurity, get in touch. 

SecurEnvoy’s product roadmap really fits in with our predictions that by 2023, a new category of SaaS-delivered, converged IAM platforms will be the preferred adoption method for IGA, AM and PAM in over 45% of new IAM deployments – this is a huge opportunity for SecurEnvoy.
Michael Kelley, Gartner Research Director
