As we mentioned in Part 1 of cybersecurity considerations for 2023, continuous awareness, learning and improvement are critical when it comes to today’s digital workplace. The success of your business depends on strong protections to safeguard your mission-critical assets, your customer data, your machines and more. Remember, being adequately prepared if an attack threatens your business means you’ve already put proactive measures in place: policies, procedures, tools and training.
Preventive actions are worth the time and cost you invest: after a cybersecurity attack, a major data loss typically takes a company offline for an average of 22 days. This results in revenue losses ranging from $10,000 per hour for a small business to more than $5 million per hour for larger enterprises. Unfortunately, it’s estimated that 43 percent of businesses that don’t have a recovery plan go out of business after a major data loss, and some estimates put this risk as high as 60 percent.
Here are some more things to think about for the year ahead, including key considerations that relate to the infrastructure and technology solutions your business has in place.
The experts agree: creating a security culture is a must.
A continuous program of education and awareness among the users in your environment strengthens your cybersecurity plans. Simple mistakes made by your company’s users are still one of the biggest ways cyberattacks happen. In fact, about one-third of breaches can be directly or indirectly traced to employees, whether someone is simply tired or distracted, or they’ve intentionally attacked your company from the inside. When it comes to social engineering attacks, the only feasible option is to make your users aware of the threats and how to deal with them.
In addition, with the continuing prevalence of remote work, your employees may still be connecting to networks with unsecured devices, and because they’re working with other team members they don’t know well, they can become victims of phishing attacks, the most frequent cause of breaches. They could fall for impersonation scams, give up passwords and even enable ransomware attacks. Another critical reminder: to prevent potential threats to your organization’s security, employees should never leave their devices unlocked and/or unattended.
Cybersecurity insurance is essential but increasingly expensive.
To protect your business’s finances, cyber insurance is necessary, especially in the constantly evolving threat landscape. But for small and mid-size companies, this type of insurance has become much less affordable. In fact, in the U.S., the average cost of cybersecurity insurance has increased by 110 percent. So of course, many business owners wonder what they can do to keep their premiums down.
Start with an all-hands-on-deck approach. Show that your CEO is involved in tabletop exercises and that your board is engaged. Demonstrate that you have continuity in trained staff. Then assess your three estates: your enterprise network, your public cloud assets and your remote operations. In all three estates, insurers will look for gaps in software and infrastructure and weak devices and systems. Too many cracks will make you uninsurable. Equally important, they’ll want to know the security you’ve established around privileged user access because there’s a hot market for stolen admin credentials. In fact, the majority of ransomware attacks have been successful due to compromised admin credentials. Ask yourself: Are your cybersecurity tools simply defensive, or do they offer true protection?
The social engineering landscape has been extended and complicated by social media.
This is particularly true given the extensive growth of social media and commerce. People will rely more often on indicators of trust, such as the number of connections and how long the account has been active. These social media accounts can be stolen, which leaves users open to fraudsters who use the accounts to scam people and organizations out of money. Note that scammers are also likely to use the verification that’s for sale for a small fee on some social media sites.
Note also that phishing is the most popular avenue of attack for hackers because it’s relatively easy to trick people into clicking on malicious links. Most of these are sent by email, and 74 percent of U.S. businesses have fallen victim to phishing attacks, which is why the FBI issued a warning this year about the $43B impact of Business Email Compromise (BEC) scams.
Even worse, and recently featured in CyberheistNews.com, a new phishing attack has been discovered that people are calling “clone phishing.” This is when attackers follow up a legitimate email from a trusted sender with a replica (often spoofing display names), saying they forgot to include a link or attachment. In this type of phishing scheme, attackers have access to a compromised email account within a business and use it to send malicious emails to other employees. To combat this type of attack, which is tougher to spot, you need technical defenses combined with employee security awareness training.
Zero Trust has become more important than ever.
The core concept of Zero Trust is that no system should automatically trust another connecting system. With all the threats out there that constantly evolve, it’s no longer enough to slap a password onto something or set up a firewall or other perimeter. Studies have shown that using Zero Trust approaches results in 50 percent fewer breaches and that companies spend 40 percent less on technology because everything is integrated. And according to a recent Forrester study, companies that adopted Zero Trust were twice as confident in their ability to bring new business models and experiences to market. While preventing attacks is certainly desirable, making products and creating experiences that customers love is even better, and it is what makes a company great.
Secure access service edge (SASE) is a framework for network architecture that brings cloud-native security technologies together with wide area network (WAN) capabilities to securely connect users, systems and endpoints to applications anywhere. This multi-part package of solutions offers much more than firewalls and traditional endpoint security, and it includes Zero Trust.
Questions? Concerns? We can help.
Whether you have an internal IT team, your team is stretched due to the huge shortage of skilled cybersecurity professionals these days, or even if you have no dedicated IT people on staff, Konica Minolta’s experts can help. For example, through the implementation, management and monitoring of next-generation endpoint protection, our Managed Endpoint Detection & Response services will help protect your business, no matter where your workforce is located – and even if they’re not connected to a network. Konica Minolta specializes in managed IT security services to help all types of SMBs with cybersecurity assistance and critical protection.