Cybercriminals aim at smaller firms and networks
When the federal securities agency tries to mandate reporting on data breaches and cyberattacks, you know it’s gone way beyond hackers and late-night Mountain Dew. The costs of remediating data breaches are higher than ever, and insurance companies are reducing coverage and boosting premiums because of relentless cybercrime.
With more international data terrorists and data geeks, government and security analysts expect cyberthreats will increase against smaller and smaller networks and systems – even your small office network and smart-home systems.
Data breaches, ransomware, wire fraud, identity theft, and more are destroying trust in digital systems and pushing insurance premiums higher or eliminating coverages altogether. Forrester Research reported that 63% of businesses were breached in the past year. IBM’s Cost of a Data Breach Report 2022 reports that 83% of organizations studied had more than one data breach and 60% of them reported the breaches led to price increases to customers.
Nearly 20% of breaches occurred because of a compromise at a business partner, IBM reported.
IBM reported that globally, the average cost of a data breach increased to $4.35 million in 2022, the highest in the report’s history.
The Securities and Exchange Commission is seeking to enhance and standardize public companies’ disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting. The Form 8-K proposed rule change would require detailed reporting and disclosure of how companies are addressing cybersecurity issues.
Because significant and increasing amounts of the world’s economic activities occur through digital technology and electronic communications, the SEC worries that cybersecurity threats and incidents pose an “ongoing and escalating risk to public companies, investors, and market participants.”
Cybercriminals’ ability to monetize incidents through ransomware, stolen-data black markets, and crypto-assets signals more cybercrime. Digital payment growth and increasing corporate reliance on third-party service providers for IT and cloud computing mean cybercrime will become more frequent, the SEC says.
Large-scale cyberattacks have systemic effects on the economy, including critical infrastructure and national security threats, the SEC warns. Many senior management and board directors have called cybersecurity the “number one threat to business growth and the international economy in the next five or 10 years.”
Many smaller companies that have suffered cybercrime are out of business because of the cost of breaches. In addition to costs, companies experiencing cybercrime face damage to their reputations and share prices.
The U.S. Treasury Department reported that U.S. banks spent nearly $1.2 billion on ransomware-related payments, most commonly in response to breaches by Russian criminal groups.
The National Association of Insurance Commissioners said the cybersecurity insurance market saw premiums of approximately $6.5 billion reflecting a 61% increase over the prior year. U.S. insurers wrote about 80% of the direct premiums with loss ratios ranging from 9.2% to more than 130%.
While businesses are faced with raging cybercrime, their ability to insure themselves against it fades. A Forrester survey revealed only 55% of respondents have cyber insurance and fewer than 20% have coverage exceeding $600,000 – the median ransomware demand in 2021. Insurance companies hit with high catastrophe claims from hurricanes and wildfires are quickly shifting cybercrime coverages and even ending them.
Among the top defenses against data breaches:
Security awareness training
Make sure you and your team know not to pursue million-dollar payouts from Nigeria, not to believe threats that your Apple ID has been compromised, and not to respond to odd notes, seemingly from your bank, claiming that your account has suddenly been frozen.
These cruder strategies have become more obvious, but many unsuspecting or trusting computer users still fall for them. Threats like these also are becoming more authentic sounding because of corporate logos and other counterfeit images in messages that seem so real.
Don’t click on links inside of emails, check URLs to see where these emails are really coming from, and don’t believe everything on the internet or in your emails.
Technology users rarely own their software outright and instead depend on access through cloud-based subscriptions. Software updates come from these centralized resources. Updates, though troublesome, have the virtues of fixing security leaks, stopping known viral infections, and creating new complexities to throw hackers and cybercriminals out of the game for a while.
Even when updates sometimes mess up your system and add things you don’t expect, they are valuable in fighting cyber wars.
Use a password manager
Many experts advise technology users to set up password managers. The idea is that the more complex your password, the less likely it will be discovered by roaming software bots, those viral packets released by crooks. Of course, that means the less likely you’ll remember it, too.
Password managers store and activate passwords in allegedly secure files or environments.
They allow more complex barriers to criminals and help you avoid simple passwords that are easily guessed and acquired by hackers.
Use multifactor authentication
Multifactor authentication can be annoying, but it does help major e-commerce sites, business platforms, and your banks confirm it’s you before opening the pantry to your stored personal data, account card numbers, and order history. Take the time to use it and just practice memorizing six- or seven-digit codes so you can quickly enter them and access your platform.
Encrypt important assets
Whether your data is at rest, in motion, or in transit, don’t leave it naked. Don’t put sensitive information into emails or texts. If you have sensitive information stored in files or folders, cover them with a password.
Ban removable media
With cloud storage and office management systems common, don’t use memory sticks or discs (does your computer even have a disc player?) to transfer data. Of course, exceptions exist, such as camera photo uploads, but for most businesses removable data tools are weak links that open doors to viruses, malware, and ransomware.
Zero trust networks
Wherever your technology is connected, ensure the right security postures and policy engines are in place to limit access to authorized personnel and equipment only. No exceptions.
Virtual Private Networks are limited-access pathways to your computer or network. VPNs mask your internet details to make online activity untraceable and establish secure and encrypted connections on Wi-Fi networks.
They are great if you travel or access your system via public Wi-Fi. VPN-data tunnels scramble information so what you send and receive is private.
VPNs do require a separate application. Some antivirus software providers offer them, as do various third-party providers. Most corporate networks have VPN capability.
Get data breach insurance before it goes away. Some insurers are grandfathering clients if they get coverage before policies are ended. Costs likely will rise. Industry discussions are exploring new ways to insure against major maladies through risk-sharing cooperatives and more government involvement. The new insurance mantra is prevention and avoidance.
Unprotected computers and networks are vulnerable. Be prepared.