If you are a small business, know these 9 cybersecurity facts to inform you of what is happening in 2023.
Cybersecurity is something we keep in mind whenever the news echoes some notable crime. A hospital sees all the information of their patients encrypted, and only by paying a ransom will they recover their data, and we mentally evaluate the probabilities of something similar happening in our company.
Once the media noise passes, we return to our lives until the next cyber disaster.
Although we may think otherwise, it is common for the victims of these events to be SMEs (44% of them suffered an attack in 2022). It could be an ex-employee angry about being fired, an intrusion through infection using airport Wi-Fi, or destructive malware (Early launch anti-malware) that blocks and destroys our website.
Without needing to stop sleeping, we must take measures that protect our assets and improve information security. Measures that will be more sophisticated to the extent that our systems are.
Today we have collected ten cybersecurity facts so you are informed of what is happening in 2023.
Cybersecurity Fact 1: Small and medium-sized companies are not spared from attacks.
For years, large corporations have been the main targets of cybercriminals. But having larger budgets and using more sophisticated technology made attacks on this group of companies more difficult.
This is how SMEs became their new direct target, lacking the personnel and resources to mitigate cyber-attack risks.
The fact of not believing that they are targets of criminals relaxes cybersecurity measures, which increases the probability of success of a cyberattack. Any organization that does not have adequate defenses is likely to be a victim.
Accenture’s ninth annual cost of cybercrime study confirms this claim, revealing that 43% of data breaches occur in SMBs.
Cybersecurity Fact 2: Phishing remains the most frequent cybercrime.
Verizon’s 2022 Data Breach Investigations Report found that 36% of all attacks were related to phishing.
The spread of teleworking during the COVID19 pandemic was an excellent opportunity for criminals.
Phishing, as a method of capturing sensitive information or financial information, injecting a virus as part of a ransomware attack, or just as a device control tool, increased by 11% in 2022 compared to the previous year.
Cybersecurity Fact 3: Email remains the number one access point for cybercriminals.
More than 3,100 million fraudulent messages are sent in the world every day. Many of them, the majority, are detected by spam filters.
However, a small part of them will reach the mailboxes of their recipients, confusing the recipient and, in some cases, infecting the system and achieving their objective.
This highlights the importance of cybersecurity training for employees to detect and remove suspicious emails before they become a threat.
Cybersecurity Fact 4: Business Email Compromise, a new challenge
BEC (business email compromise) is a type of phishing attack in which scammers impersonate a high-level employee and ask the victim to make an urgent bank transfer to an account controlled by the scammer.
According to the Anti-Phishing Task Force report for the second quarter of 2022, the average wire transfer request in BEC scams last year was $106,000 (about 92,700 euros).
Cybersecurity Fact 5: Ransomware is the most expensive cybercrime.
Ransomware is the most profitable cybercrime for cybercriminals. And this is due to the implications it has for the organization.
This type of crime has flourished in recent years thanks, in part, to the emergence of cryptocurrency, which allows transactions to be carried out with a rocky trail to follow.
64% of organizations under attack paid the ransom, but only six out of 10 got their data back. The remaining 40% not only paid the ransom but also never got the information back.
Cybersecurity Fact 6: Passwords are no longer a secure method of identification.
We have been using passwords to access devices and information for the last 40 years. And it has been shown that access through (exclusively) passwords is not secure.
That is why MFA (multifactor authentication) appeared and is becoming mandatory. Your bank did it, and Google, Adobe, Salesforce, and others will do it.
Among them, SMS, an insecure method due to the possibility of duplicating SIMs; tokens on the smartphone, such as Google authenticator or Microsoft authenticator, also not 100% secure methods due to the possibility of introducing malware; and FIDO (Fast Identity Online), which is being adopted by the big three Google, Microsoft, and Apple, based on a PIN or biometric data, such as a fingerprint.
Cybersecurity Fact 7: Your employees can be the best allies against cybercriminals.
Teleworking has brought numerous advantages. Employees appreciate the lack of travel and the convenience of working from the place they prefer, and companies reduce costs, but this means a significant increase in the chances of being a victim of an attack.
According to Gartner, 47% of companies will allow all or part of their employees to remote work permanently, and 82% will do so at least once a week.
Cybersecurity Fact 8: Telecommuting also brings new risks.
The first of these is the use of non-corporate devices and, therefore, that do not follow the company’s cybersecurity policy. Personal smartphones, laptops and desktop computers are used, for convenience or due to cost savings, as a means of accessing the corporate system. These devices then become a high-potential risk as a gateway to our system.
The second is access over unsecured networks, such as public wireless networks, which expose information and security to potentially harmful outsiders.
Finally, remote access represents a notable increase in the definition of access policies, installation of protection devices and software, maintenance, and verification of the entire system.
Therefore, employees who work remotely must be trained and familiar with cybersecurity elements, such as the use of VPNs, to avoid opening the door to unauthorized access to the network and other risks.
Cybersecurity Fact 9: 72% of small businesses still need an emergency plan.
Because they are not considered targets of cybercrime actions, SMEs do not have an emergency plan for these attacks either, making them an easier target and more exposed to the cessation of activities when this happens.
Most of the costs derived from an attack are due to the cessation of activity during the recovery time. Having a plan that isolates the problem and restores the activity, reducing non-working time, will mean fundamental savings within the problem we are facing.
Improvising means paying.
Cybersecurity Fact 10: Only 9% of companies have insurance that protects them from cybercrime.
As the complexity of the interconnection of elements in the network grows day by day, it is to be expected that this type of crime will also grow in the coming years. Despite this, only 9% of organizations currently have cyber liability insurance, and only 82% of organizations have increased their cybersecurity budget.
In my neighborhood, vehicle thefts were relatively common. And despite good cars parked on the street, criminals often preferred older vehicles because they had lesser security systems.
The criminal does not want to complicate life, and it will resort to a system in which the relationship between profitability and ease of attack is more significant.
Organizations must regularly monitor, evaluate, and improve their systems, whether through technology, staff training, or creating and enforcing policies and processes to avoid being the coolest car on the road.
Competencies critical to your protection
Given this scenario, developing specialists with solid skills is essential to reduce this type of crime.
During the last decades, the demand for qualified cybersecurity professionals has increased faster than the number of specialists. However, the Cybersecurity Workforce Estimate found that the gap between the need for and availability of specialists narrowed in 2021 from 3.12 million in 2020 to 2.72 million in 2022.
If your company does not have specialists on staff, count on A Governance and Cybersecurity Services Company for Information and Communication Technologies with a highly qualified team is the only guarantee to reduce the chances of being a victim of this type of crime.
