Posts

cyber security locks with code background

Why Businesses Are Transforming Their Cybersecurity

Digital Transformation and The Cloud

In the wake of the pandemic and lockdown that followed, many medium and large sized companies have taken the time to upgrade their cyber security.

81 percent of businesses invested in accelerating and updating their IT infrastructure. This is according to a survey conducted by CensusWide and sponsored by Centrify. The purpose of the survey was to try and understand how IT spending has changed in the past six months since the Pandemic struck.

There have been numerous cyber attacks since the lockdown took place. Some of the most notable have included Twitter, the social media platform. On July 15, 2020, hackers used social engineering to gain access to high profile Instagram accounts like Barak Obama, Bill Gates and Elon Musk to trick victims into sending money to a specified address.

In the end, more than 130 accounts were impacted and the address received more than $110,000.

Cyber Attacks In 2020 Prove Security’s Important

Most recently, American healthcare company Universal Health Systems experienced a ransomware attack that impacted the systems of hospitals across the world.

Another health care organization was hacked in early October. Tennessee-based Community Health Systems was hacked in 28 states after millions of people’s personal information was stolen by cyber criminals.

It’s no surprise that the overwhelming majority of businesses have transformed their cyber security in the past 6 months. Medium and small sized firms are adjusting their IT infrastructure to reflect the need for digitally- driven systems. The Covid-19 pandemic forced firms to rely on remote operations to continue.

The data reflects this as well. 48 percent of organizations had to speed up cloud migration as a result of the pandemic. Business leaders took swift action when the lockdown came. Many quickly adopted cloud-based solutions or hired a managed IT services company to onboard their team in preparation for remote work.

However, the biggest issue was that many companies in a rush to ensure business continuity neglected cyber security. In fact, there were businesses and firms that were completely unprepared to migrate to a remote environment. As a result, they struggled to readjust when they could no longer work out of the office.

Remote Operations Are In Danger Without Cyber Security

This made firms carrying sensitive client information even more vulnerable to attack. And cyber criminals have taken notice. These rushed attempts to continue remotely has led to glaring vulnerabilities in security. Furthermore Cyber security incidents have spiked as result.

Cyber security company Malwarebites released an extensive report studying the effects of COVID-19 on business security. Company data and a survey with 200 cyber security experts concluded that remote workers were the cause of 20 percent of security breaches.

24 percent of respondents said their organization paid unexpected breach-related costs after shelter in place orders began.

Cyber Attackers And The Dark Web

On October 21, 2020 a cybersecurity company said it found a hacker selling the personal information of almost 200 million Americans. Much of the data hackers obtain start with a simple social engineering scam. The cyber thief sends a phishing email to an unsuspecting remote employee and they click on a link contained in the email.

In the CensusWide study, 51 percent of employees are making secure remote access a top priority. Contrary to this, 27 percent of organization IT leaders say that secure access to various teams, IT services companies and third-party providers is a priority.

Large firms were more concerned with cyber security than smaller one, according to the study. This is a bit alarming considering the average cost of an insider-related cyber incident is $7.68 million USD. An IBM and Ponemon Institute Survey showed organization with fewer than 500 employees spent an average of $7.68 million per incident.

Considering how so larger businesses are investing in cyber protection, that makes smaller businesses prime targets for hackers. What’s worse is that a January study showed that 43 percent of all SMB’s lacked any type of cyber defense plan.

Unfortunately, firms prioritize operation over security and leave themselves open to an attack that could cost them their business. 60 percent of all small companies fail within six months of a cyber attack.

There are those who believe they can withstand a cyber attack. However, they don’t consider the fact that even if a business pays a ransom or recovers from a breach, cyber criminals can still use  and sell their data on the darkweb. Dark web marketplaces like Joker’s Stash are infamous for selling social security numbers, credit card information and more.

Conclusion

IT experts and business leaders are understanding the importance of a resilient cloud strategy. Cyber security has become an important factor in transforming and modernizing IT infrastructure.

Larger firms were the first to invest in a digital transformation with medium sized businesses following behind.

Smaller businesses are now at their most vulnerable as hackers look for easier targets. But with so many organizations experiencing cyberattacks, protecting valuable client data needs to be a priority. Ensuring data compliance is key to securing sensitive client data. Nerds Support is a perfect place to start for a comprehensive cloud migration strategy that protects small and medium sized businesses and modernizes IT.

Businesses need disaster recovery plan to protect from cyber security attacks.

Why Cyber Security Needs To Be Part of Business Continuity

As governments and businesses struggle with COVID-19, their digital infrastructure and data systems are targets for cybercriminals. Now more than ever, businesses need to reconsider how they view cyber attacks.

Cyber Attacks Are Not Considered Part of Disaster Recovery Plans

Cyberattacks have more in common with biological attacks than other types of attacks. What I mean by that is, it takes a while to understand when and how an attack has happened. Government agencies and business owners must develop a new way of understanding disaster recovery. In a natural disaster like a hurricane, a fire or an earthquake, restoring infrastructure could require investing in reconstruction. Recovering from a cyber attack, however, requires a more robust approach.

When a business experiences some disaster, it should work to mitigate the damage and risk to its employees and the business itself. Unfortunately, there are businesses using outdated and vulnerable computer systems and that makes them more vulnerable to a cyber attack.

When , for example, a hacker attacks a financial firm for valuable information, restoring a secure network environment could replacing devices, a digital forensics investigation, and policy changes to properly contain it.

Cyber Attacks Are Getting Worse

We know cybercriminals are targeting hospitals and even private organizations with malware. In fact, over a third, or 34 percent, of malware based cyber-attacks during the first quarter of 2020 were ransomware attacks. Government agencies were hit even harder accounting for 21 percent of all malware attacks.

Ransomware attacks succeed because cyber criminals leverage unpatched systems and vulnerabilities left unattended by all of these institutions. Due to the lockdown in March 2020, IT and security personnel aim to support remote workforces as more business closed to avoid infection. Some companies were prepared for the transition but many companies in very vulnerable industries struggled to keep up.

In late April of 2020 Ransomware attacks shut down Parkview Medical Center’s IT Network in Colorado. This attack caused numerous IT network outages while they worked to treat patients for COVID-19.

A third party forensics team investigated the cyber breach and it may take months to understand the consequences of the breach itself.

Developing A Strong Business Continuity Plan

Building a proper continuity plan requires reevaluating priorities as remote work becomes the standard for many businesses. More and more industries are relying remote operations meaning hackers are using the resulting struggle and confusion to attack systems made vulnerable from the transition.

As we’ve seen, depending on the severity of the attack, it could lead to a variety of  problems like systems failures, power outages and huge disruptions.

In the event of a cyber attack a business leader should know:

  • When the call should be made
  • what information should be provided 
  • And how to create a cooperative environment between members of the company and cyber experts investigating the breach.

Make Disaster Recovery a Practice

After this is properly explored by the company, it should be communicated to all employees and tested frequently. You should always be testing, improving and adapting your disaster recovery plan so that employees and personnel in the company are aware of their role in resolving a breach.

This will go a long way in improving company culture and staving off a cyber threat.

Incorporating protocols addressing the steps your business is required to take in the event of an attack is pivotal. All businesses know (I hope) what to do in the case of a fire or a electrical outage. Unfortunately, not many have a measured plan for how to take on cyber attacks.

When developing a strategy answer these questions:

  • Who should I contact first?
  • How I do to identify what was stolen?
  • What measures are in place to prevent an attack in the first place?

Why Cyber Criminals Attack

Obviously, those are basic questions that won’t sufficiently prepare you for an attack but the point is business owners don’t even think about them. What tends to happen is a business owner will put off developing a disaster recovery plan for cyber attacks until an attack happens. From there on it’s a scramble and fumble to fix everything at once without a strategy. If you’ve ever experienced a cyber attack you know how chaotic it can be when it’s uncovered.  In some cases, hackers attack franchises like Wawa.

Other cases it’s large companies like DoorDash. But the most often, hackers target medium and small sized businesses. The reason is simple. Smaller businesses don’t have as many resources and might have weaker systems as a result. Furthermore, hackers assume they don’t have enough capital properly investigate a breach if it happens. And best of all, the target will be small enough that an attack will fly under the radar and go unnoticed by investigators and authorities.

Cyber-security needs the same level of care companies invest in all other aspects of operations. To be successful in repelling or avoiding these types of attacks. Incorporate cybersecurity into your business framework because society as a whole is more dependent on digital networks. However, both the public and private sectors have failed to actually improve on their cyber vulnerabilities.
As a result, the number of attacks on schools, hospitals, government agencies, continue to grow and attackers will continue to reap the benefits of a weak infrastructure. Nerds Support works along side its clients to develop comprehensive business continuity and disaster recovery plans. IT support companies and MSP’s, like Nerds Support, are the best options when establishing a secure remote environment, working to strengthen your IT security or grow your business.