Last year, businesses experienced 50% more cyberattack attempts each week compared to 2020. The war in Ukraine has slowed ransomware attacks by 42%, but most cybersecurity experts are warning all businesses to stay vigilant. They predict this lull is just the calm before a dangerous storm as threat actors reorganize.
Ransomware Impacts Businesses of All Sizes
What was once only a worry for big business has now become an increasing concern for small and midsize organizations. As hackers get smarter, their targets get smaller. In Q4 of 2020, the median size of companies under attack was approximately 235 employees; in Q2 of 2022, the median company size dropped to 105 employees.
Small and midsize organizations store valuable data that can be ransomed or sold on the black market, yet their cybersecurity resources are limited, making their systems easier to breach. Hackers also know that breaching smaller organizations attracts less attention from law enforcement.
Every company that uses mobile technology, engages with external partners or vendors, accepts credit cards or other forms of online payment, or stores confidential information is susceptible to a cyberattack and needs to take precautions.
Businesses may be at greater risk than they realize. The average ransom payment increased from $84K in Q4 of 2019 to over $800K in 2021. Installing antivirus software is a good start, but the best antivirus engines only block about half of the real-world daily threats.
Cyberinsurance policies may not be enough to save a business under a ransomware attack. Not all policies pay ransoms, and the costs to recover and rebuild after a ransomware attack include more than hiring a qualified incident response team. Companies must also factor in downtime, lost data, customer service delays, and the impact of exposing customers’ confidential data, all of which would be devastating.
As cybercrime becomes more common, organizations relying only on cyberinsurance take the gamble of facing even longer recovery times if they’re attacked. Insurance companies’ and incident responders’ resources will be stretched thinner under the barrage of increasing claims.
If businesses want minimal impact on their systems and structures from cybercrime, insurance and antivirus software won’t be enough. Effective business leaders must understand the threats and invest in adequate cyberprotection to remain viable in their industry.
The 4 Cybersecurity Basics Every Business Must Have
1. Immutable Backups
If your data is held hostage, do you have it stored in a second, secure location? Unlike conventional data backups, immutable backups are files that can’t be modified. In a ransomware attack or other data loss event, immutable backups instantly restore your assets and maintain regulatory data compliance, without paying ransom fees to restore data. Data may still be compromised, but recovering it can keep your business running.
2. 24/7 Monitoring – EDR, MDR, and XDR
Endpoint detection and response (EDR) uses endpoint telemetry to continuously monitor end-users’ devices to detect and respond to cyber threats like ransomware and malware.
Managed detection and response (MDR) combines technology with hands-on, human expertise to provide proactive threat hunting, monitoring, and response and, in some instances, focuses capabilities on more than just endpoint devices. MDR analyzes and adapts to ensure infrastructure is secure. The best MDR includes advanced 24/7 security control, analytics, threat intelligence, and in-incident investigation and response deployed at the host and network levels. Proactively engaging MDR services identifies and limits the impact of cyberthreats.
Extended detection and response (XDR) extends the range of EDR to deploy more security solutions. XDR helps prevent security breaches by centralizing, normalizing, and correlating data from multiple sources to break down security silos and provide more visibility. This holistic protection increases insight into systems to detect breaches faster.
At a minimum, businesses should employ EDR and MDR. Adding XDR provides even more robust protection.
3. Multi-Factor Authentication (MFA)
MFA adds extra steps when there is an attempt to sign in to your system. If you’ve ever received an SMS with a code to log in to a system, you’ve used MFA. That one-time code you’ve entered ensures you’re authorized to access the system and helps prevent attacks. Some systems have more than one step, but even one additional step makes systems more secure. Extra steps create additional hurdles for would-be attackers.
4. Employee Awareness and Training
A company’s cybersecurity is only as strong as its weakest link, and all it takes is one employee—even a well-intentioned one—to cause that chain to break. Offer employee awareness and training programs to implement cybersecurity best practices, such as using strong passwords, taking precautions when downloading documents and clicking links in emails, and accessing sensitive files only from trusted devices.
The next wave of cybercrime and increased attacks on smaller businesses is coming. Now more than ever, taking measures to reduce cyber risk is critical. Confirm your organization is implementing essential cybersecurity best practices, and seek support from experienced cybersecurity professionals who offer state-of-the-art services. The prosperity and longevity of your business depend on it!
Art Ocain, CISM, MCSE, VCP, CCNA, Airiam’s VP of Incident Response, is a leader and IT business strategist. He specializes in resilience engineering, cloud architecture, incident response, cloud strategy, virtualization, server and network administration and security, business continuity planning, disaster recovery, designing storage solutions, network design, web server management, email server management, web application development, database management, and project management. Before his current role, Art was President and COO of MePush, a cybersecurity and managed IT company acquired by Airiam in 2021.