Malware is a huge problem for companies and government municipalities of all sizes. According to Verizon’s 2018 Breach Investigations report, 92 percent of malware is still delivered by email.
The Seattle PI’s Malware Hits Everyone From Small Businesses to Big Government. What Are You Doing About It? Indicates that the five industries most targeted for cyberattacks are:
- Financial services
- Information and communications technology
- Professional services
The problem extends to local governments as well. A study conducted by EnigmaSoft found that personal computers in America’s state capitals had, on average, 224 percent more malware infections compared to municipalities in the rest of their home state.
The statistics are a reminder that companies of all sizes, as well as local to federal government agencies need to have policies in place for employees that help combat malware and other cybersecurity threats.
According to a study by the Ponemon Institute, the number of cyberattacks against small businesses is on the rise. Of the study participants, 61 percent reported cyberattacks in 2017, compared to 55 percent in 2016, and this upward trend is only expected to continue. SMBs are hit particularly hard since they often don’t have the resources to combat malware threats.
Similarly, a nationwide survey conducted by the Hartford Steam Boiler Inspection and Insurance Co. reveals that 53 percent of the businesses studied had experienced at least one cyberattack in the previous 12 months. As a result of the attacks, 60 percent of those companies lost data and 55 percent experienced a significant business disruption.
The rising costs of security breaches
Cybersecurity threats and security breaches highlight the news on a daily basis. The costs for these attacks continues to rise:
- The cost of cybercrime damage is expected to hit $6 trillion globally by 2021. That’s up from $3.5 trillion in 2015.
- Ransomware, which we hardly even knew about in 2015, is projected to hit $11.5 billion in 2019.
- In 2019, one business will be hit by ransomware every 14 seconds.
While there are a variety of reasons that explain the ongoing threats, Upstate Business Journal’s Cybersecurity: Why aren’t we getting any better at it? offers five suggestions for how SMBs can protect themselves from cybersecurity threats:
- Mistakes by vendors: Work closely with your vendors to make sure that they are protecting your data. Discuss and implement security protocols.
- Limit employee access: Employees should have limited access to data, but enough to make sure that they can do their jobs.
- Install patches regularly: “How did Equifax lose 145 million Americans’ data? By not patching its servers, even when it was warned it was a target and told there was a fix.”
- Use encryption technology: It’s very important to encrypt email and company data. Use end-to-end encryption technology to make it harder for hackers to get at sensitive data.
- Use strong passwords and authentication technology: Employees need to create complex passwords and stop using standard ones like “1-2-3-4” and “password”. Using two-factor authentication is highly recommended.
- Employee training: Have regular training sessions that teach employees how to protect themselves and company data. Discuss current phishing techniques and let employees know that they are part of the solution.
CSO Magazine offers some eye-opening statistics about the current state of cybersecurity in Top cybersecurity facts, figures and statistics for 2018.
- Out of the 1,300 IT security decision makers surveyed for CyberArk Global Advanced Threat Landscape Report 2018, 56 percent said that targeted phishing attacks were the top security threat they faced.
- Seventy-seven percent of compromised attacks in 2017 were fileless, according to the Ponemon Institute.
- Ponemon Institute says that the average cost of a single ransomware attack at$5 million, with $1.25 million—a quarter of the total—attributable to system downtime, and another $1.5 million (30 percent) to IT and end user productivity loss.
- The growth of IoT devices has opened the door for hackers. A 2018 report from Trustwave states that only percent of those organizations consider their IoT security strategy to be “very important,” and more than a third think it’s only somewhat important, or not important at all.
Cyber Oregon partner blog post of interest
Author: Brian Edwards, News Editor
Brian Edwards is a Vice President at McKenzie Worldwide, a high-technology public relations, social media and brand development agency, and serves as the Cyber Oregon news editor. He has more than 25 years of high-tech public relations, social media and journalism experience.