Every day is marred with cyber attacks. Whether it is a data breach, DDoS attack, credential theft or ransomware, these crooks are after you. What is their motivation? The bad actors are after financial gain, notoriety, influence or disruption. It could be politically driven, personal and lucrative.
The cost to organizations and individuals that experience these attacks is expected to reach $10.5 trillion by 2025. This is an increase of over $4 trillion in 2022. Cybercrime Magazine
80% of cyber crimes can be attributed to phishing attacks.
According to the 2022 Verizon Data Breach Investigations Report, the increase in ransomware resulted in 25% of all breaches.
The crooks are getting craftier too. Now there are emerging threats that target cloud platforms, IoT devices, e-commerce, supply chains, digital DNA and QR codes. They are using automated processes, bots and recruitment techniques to build their teams and fortify their attacks.
Who are the targets?
Statistics reveal that financial institutions, healthcare, and education are high target values due to the sensitive and personal information they hold. Any institution or individual can be within the sites of cyber miscreants. Lack of security of assets, inadequate end user education, outdated software and hardware, value of personal information and targeting individuals with the ability to move money are draws for these delinquents.
How can you limit your vulnerabilities?
- Taking a series of steps to protect people and assets is necessary. The losses associated with a cyber strike is huge.
- Protect access with strong and unique passwords and MFA
- Patch devices and software. Develop a plan to stay current.
- Provide end user training and education. Make this a ongoing and continuous cybersecurity awareness program.
- Limit access to assets based on least privilege and the need to know.
- Use secure processes to access accounts. Use a VPN and strong logins.
- Perform regular backups. Maintain an offline or immutable backup in case restoration becomes a necessity. Remember, even if you decide to pay the criminals for a decryption key this does not guarantee that the data was not stolen and may lead to a double extortion demand. Also, these crooks don’t use the best encryption tools so the decryption could still result in data loss. Finally, these culprits don’t have consciences so they can’t be trusted.
- Work with your managed service providers, vendors and internet service provider for assistance with implementing secure strategies.
Aside from the cost to recover from these attacks an organization may suffer personal losses, business continuity, data theft, legal liability, compromised resources and loss of reputation and integrity. Take the necessary steps to protect your institution and people from these villains. Everyone is a target. In the end, cyber criminals are lazy and looking for easy money. But you can lessen your chances by setting up some defenses. Security is a necessity, not an option.