In the first few months of 2017, ransomware attacks on businesses rose by more than 250 percent. The modus operandi of a typical ransomware attack involves an employee that clicks on a link in an email from an unknown or suspicious source. That link then installs malware into an employer’s network. This freezes employee access to all data and information until the employer pays a specified amount to the hacker. This astronomical increase in ransomware might be explained by the novelty and frequent success of this form of attack. But it also supports a greater conclusion that all forms of cyber threats are on the rise.
Organizations that remain skeptical of this conclusion should look at the facts. In the second quarter of 2017, for example, the number of phishing emails sent into corporation increased by 400 percent. During the first quarter of the year, botnet malware incidents increased by almost 70 percent. Firewalls and malware detectors can screen out some – but not all – of these threats.
Distributed denial-of-service (DDoS) attacks also grew. And the overall sophistication and methodologies employed to launch those attacks have become more virulent. In a typical DDoS attack, hackers take control of computers or Internet of Things (IoT) devices to make tens of thousands of networks calls on an organization’s servers every second. This volume of calls overwhelms server access and slows responses to a crawl. Hackers then make repeated requests for data and information on those servers. The impacted response time reduces the likelihood that the network’s anti-malware and firewall software will stop those requests.
Beyond the increase in just the number of cyber threats, the damage and losses caused by successful data breaches have been skyrocketing. Some of the biggest data breaches in 2017 include:
- An Xbox 360 data breach that impacted more than 1.2 million user accounts in February.
- 33 million Dun & Bradstreet corporate accounts, which were published across the web in March.
- The America’s Job Link data breach which lost more than 4.8 million accounts that included job seekers’ names, birth dates, and social security numbers.
- Approximately one million Gmail accounts compromised in a sophisticated phishing scheme.
- The now infamous Equifax data breach which leaked personal and financial information on over 143 million American consumers.
Given that many affected organizations do not publicize data breaches that affect them, the actual numbers may even be higher than what is reported.
Businesses can no longer afford to ignore this threat level. Nor can they fall back on older cyber defense mechanisms that are no longer effective in the modern threat environment. At a minimum, every business, regardless of size or industry, needs to:
- Improve its technology defenses.
- Implement a periodic employee education and training program to help employees recognize cyber threats.
- Prepare a strategy that can be implemented as soon as a data breach is detected.
- Develop a strategy which designates one-point person who manages all communications both internally and externally.
- And create a response plan which coordinates an investigation and network repair at the same time.
To the extent that not every cyberattack can be stopped, businesses should also procure cyber liability insurance. This vital service provides a source of reimbursement to recoup direct losses, third party liabilities, and expenses that are incurred as a result of the data breach.
A business’s comprehensive general liability (CGL) policy will generally not reimburse the targeted company for these losses. Any business that fails to procure this insurance is flying without a safety net in an increasingly dangerous cyber threat world.
Now that you know cyber threats are on the rise, it’s time to take action. What will you do to defend your company from harm?