Cyber News Roundup: 80% of Businesses Experienced a Cybersecurity Incident, What to Do

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

If your organization has suffered a cybersecurity incident, you are not alone. In fact, 80% of businesses experienced a cybersecurity incident this past year, according to the latest report from Forrester Consulting. An article in Security Magazine, highlights the key – and very real – findings, including the fact that security incidents put customer privacy and safety at risk. With legal and compliance regulations hitting harder, the demands for cybersecurity reporting have intensified in recent years, and now, more than one-third of companies agree that they have lost business due to either a real or perceived lack of security. Increasingly C-level decision makers understand the value of effective security, and 82 % of decision makers agree that the way customers and partners perceive security is increasingly important to the way their firms make decisions.

Cybersecurity attacks can cripple small businesses that aren’t prepared. In a TechRepublic interview with security export Scott Logan, reporter Karen Roby outlines how cybersecurity is a big problem for small businesses who often don’t have adequate IT defense plans in place including infrastructure, services, solutions, and the right trained staff who can manage everything correctly. Logan outlines these inexpensive options for small companies to implement:

  • Invest in user training. A good social security awareness platform in place is key.
  • Disaster recovery plan in place. Logan says, “before [companies] start investing in a ton of security controls, make sure that you can recover from a threat. Make sure your backups are tested, and make sure that your disaster recovery policies and procedures are exercised so that you can recover.”
  • Understand your risks. Instituting a risk analysis program, including a risk assessment with a vulnerability assessment, will help you to understand where the weaknesses are.

What about your vendors?

Another level of cybersecurity organizations need to be concerned about – even small businesses — is your vendors. Do your vendors have a cybersecurity strategy in place? According to attorneys at Berman-Fink-Van Horn, an often-overlooked step in a company’s cybersecurity strategy is the failure to manage third party risks. In a Mondaq article, Jeffrey N. Berman recommends that a vendor’s cybersecurity strategy should address:

  • What steps does the vendor take to train its employees on cyber risks?
  • A description of its security program, including appropriate policies and procedures.
  • The administrative, physical and technical safeguards used and how they are maintained.
  • The vendor’s security breach procedures and incident response plan. For instance, how quickly will your company be notified of a data breach?
  • A representation that the vendor has cyber liability insurance.
  • A description of independent third-party assessments, audits or certifications.
  • Will the vendor subcontract any services or use other vendors? What data security steps will be taken?
  • Certification that the vendor complies with all applicable laws, regulations and industry standards.
  • Indemnification provisions in the event of a data breach.
  • An adequate definition of a security breach (this is often overlooked).

From small business, to enterprise, to government

Don’t take it personally. Every entity, whether it’s small business, large enterprise, or national government is at risk for cybersecurity incidents and attacks. With 4,000 ransomware attacks a day, “is certainly something that would be a key concern for the elections,” stated Anne Neuberger, director of the newly formed Cybersecurity Directorate at the national Security Agency (NSA), pointing to a key danger to the 2020 elections. In an article in The Hill, ransomware attacks have become a key issue over the past few months as various entities, including cities and school districts, have been hit by ransomware attacks, “in which the attacker encrypts an IT system and demands payment before allowing the user access again.

Neuberger emphasizes that the Cybersecurity Directorate will zero in on cyber and national security threats from countries including Russia, China, Iran, and North Korea. “We’re taking the same three-part approach: ensure there is threat intelligence, gain those insights, share that intelligence and be prepared to impose costs on an adversary when they attempt to influence our elections,” Neuberger said. 

Cyber Oregon partner blog of interest