Evan's Favorite Cyber Topics
This year marks the 17th year of recognizing National Cybersecurity Awareness Month (NCSAM). In 2003, when this initiative began, the tech industry was expanding by leaps and bounds and evolving into the extravagant and complex beast that it is today.
The Cybersecurity and Infrastructure Security Agency, which hosts NCSAM, has an abundance of resources on its website, but I wanted to bring two issues in particular to light: the importance of password authentication protocol (PAP) and the true threat of ransomware.
Importance of Password Authentication Protocol
At Bagwell & Bagwell, we recently moved to single password authentication. As more services move online, there is a need for emphasis on password protection protocols to better protect our clients’ information and help mitigate risk that could put our future in jeopardy. I would suggest that we all have risks at varying levels when we use technology.
According to an article published by LastPass, an online password management company, “Just under a fifth (18%) of IT and security professionals report that their organization’s current solution(s) is fully secure and doesn’t require improvement.” This statistic suggests there is a pattern throughout industries and organizations - they do not manage cybersecurity exposures and threats as seriously as other business-related risks.
The article also stated that 67% of IT and security professionals agreed that password reuse, or using the same password across multiple platforms, is one of the top causes of cyber threats within an organization. The next focal point for the cybersecurity industry is to enhance the complexity of passwords, while creating a simpler and more effortless way for end-users to input their passwords and data. The question being asked by these technology professionals is, “How can organizations create an easy and efficient way to authenticate their employees’ identity, while enhancing security?”
LastPass wrapped up their article by posting a survey of multiple industries. That survey identified what employees need as the end-user. The result was that 90% of the respondents stated they believe delivering a passwordless experience is the future for cybersecurity. Some solutions included biometric authentication, but that causes a challenge for organizations due to the expensive investment required upfront. There is not only the cost of the tangible hardware systems needed to supply passwordless authentication; the software and data storage that work in tandem with the hardware are also often a subscription service.
There are several services out there like LastPass that offer personal and business solutions for password protection. I highly recommend you check them out. I promise you will thank me when you only have one password to forget!
Increased Threat of Ransomware
According to a 2019 Data Breach Investigations Report, 43% of all criminal online activities impacted small businesses. Some of the most devastating claims originated from business email compromises (BEC). According to Pierluigi Paganini, most notably known as a member of the European Union Agency for Network and Information Security (ENISA), the total cost of cybercrimes for individual companies has increased 12% since 2017. Without easy-to-use tools like biometric authentication, employees and employers will continue their battle with effective cybersecurity protocols and the frustrations that come with those strenuous protocols. Without these processes in place, every business that has a computer, server, or online presence is at an unprecedentedly high risk for cyber-attacks.
America’s online presence has grown in 2020, and with that growth cybercriminals are becoming more creative in how they squeeze every dollar out of the information they are illegally obtaining. A goal of cybercriminals is not just to steal important, classified information and resell it but to hold it hostage. Cybercriminals are encrypting the computers and servers of targeted organizations, forcing the information technology infrastructure into an inoperable state, and then demanding ransoms to turn the systems back over. How long a business shuts down after a ransomware attack varies, but a Malwarebytes study found most businesses experience one day to almost two weeks of downtime. Human error is the main cause of data compromises. Here are 4 recommendations to reduce the risk:
Educate employees so they are on the lookout for phishing attempts.
Give employees access to the minimum amount of information that they need to do their jobs.
Use multi-factor authentication.
Back up your business’s files.
Most importantly, create a culture where your employees feel comfortable coming to you if they make a mistake so you can quickly address breaches.
Cybersecurity measures and strategies for how organizations protect and regulate cyber risk are not going away. If anything, much like the rest of 2020, organizations and employees must reshape and reimagine how to mitigate their cybersecurity risks. As organizations push to more remote workforces, the risk of cyber threats is increasing drastically. With the increased risk of cyber threats, we encourage you to do your research and consult an insurance professional. Insurance carriers and insurance agencies are working together to help clients mitigate their risk through risk analyses, by helping them adopt proper procedures, and by educating them about cyber liability policy options and what to do to help protect their organizations’ security.