White House Open Letter Addressed to Private Businesses on Cybersecurity
In a rare open letter, The White House has urged private businesses to take the threat of cybercrime and ransomware attacks more seriously and voluntarily adapt security standards that are in place for federal contractors.
The statement follows a string of high-profile ransomware attacks that have caused a shutdown in operations for a gas pipeline in the in the Southeast United States. This interruption in the supply of petroleum has sparked a self-induced outage in gasoline from motorists buying gas in bulk. A more recent attack has also forced meat distribution facilities throughout the country to temporarily seize operations. These and earlier attacks have signaled to nations worldwide that cyberattacks pose a grave threat to governments as more and more of the targets involve critical infrastructures.
How Recent Cyberattacks Will Impact Small and Medium Sized Businesses
However, impacts from cyberattacks are not limited to large corporations and government entities. Small businesses are also an attractive target for cybercriminals. Smaller firms are typically not equipped to properly respond to cyberattacks and are more likely to pay a ransom compared to firms with IT security in place. A recent study, done by insurance provider Hiscox, has revealed that over 70% of U.S. businesses that have fallen prey to ransomware resolve the cybersecurity incident by paying a ransom. With the typical payout being over $300,000, smaller companies disproportionality suffer the most as a result of a cyberattack. One-in-six companies that were attacked in 2020 suffered a serious enough breach to threaten a company’s future viability. Paying a ransom does not deter future attacks either; the same study has also revealed that companies that have paid ransoms become repeat victims within the next 12 months.
Cyberattacks aimed towards businesses previously held information as hostage. However, recent attacks have signaled that cyber criminals have shifted their tactics from simply stealing data to disrupting critical infrastructure and businesses. To say that most smaller businesses will fail to financially recover following a successful cyberattack on their computer systems is not an exaggeration. Insurance companies are now also requiring businesses in certain sectors such as healthcare and finance to have cybersecurity insurance in place. The threat of cybercrime is now truly as real and destructive as an office fire. We are now in an era where cyber insurance is a necessity.
Email remains the most popular vector for cyberattacks, such as the cryptolocker. Hackers do not need to break into secure computer systems (as Hollywood might lead you to believe) to infiltrate a company’s private computer network and gain sensitive and valuable data. All it takes is for one unaware employee to click a link from an email or website disguised as a trusted source. In 2020, 94% of all malware is delivered via email. Businesses can benefit from a partnership with an IT provider that can help ensure that their cybersecurity infrastructure is in place.
Why Businesses Now Need To Have a Cybersecurity Budget
Cyberattacks and ransomware are getting more and more popular, and they are here to stay. Cyberattacks are no longer limited to sophisticated computer hackers. A recent trend of Ransomware as a Service (RaaS) has democratized cybercrime. Malicious actors no longer need to have specialized technical knowledge in order to execute a malware attack. There now exists software that automates most of the steps required for a successful attack. Given the high potential payout, it is no wonder that services such as RaaS have proliferated.
The existence of easy-to-use computer hacking programs should serve as very clear evidence that businesses must take cybersecurity seriously. No business is immune from cybercrime. Small businesses that have relied on their small size can no longer rely on security through obscurity that may have served them well in the past.
How Business Can Protect Themselves
Awareness and education remain the number one cybercrime deterrent. Small and medium sized business can greatly benefit from a security audit and phishing test. A phishing test is performed by an IT security firm or MSP on behalf of a company. In the center a phishing test are fake emails and websites that are disguised to look like trusted sources – such as a company login portal or web access to email. These fake emails and websites are then sent to a company’s employees. A phishing test can help reveal individuals at an organization who are most likely to click on dangerous email links and those who correctly identify and report the dangerous material. The results of a phishing test can form the basis of employee training that can help empower employees to identify malicious emails and emails and better protect the business.
Organizations who wish to get started with a cybersecurity audit can get in touch with us. We have helped many businesses across the Dallas Fort-Worth Area and beyond shore up their cybersecurity infrastructure. If the past years are any indication, 2021 promises to be a big year for cybercrime and malware.