According to the Allianz Risk Barometer 2022, Allianz’s annual risk analysis survey, cyber risk was rated the most serious business risk, ahead of natural catastrophes, business interruptions and pandemics.
Ransomware increased 93% between 2020 and 2021, making it a major cybercrime concern. So were phishing attacks, network and software vulnerabilities, third-party security, the safety of supply chains from cyber attack, and apathy and burnout in the workforce, which can contribute to lapses in internal security practices.
A Norwegian media company that shut down operations was one of the victims of cyber attacks. The security breach occurred in December 2021. The perpetrator gained names, addresses, phone numbers, and other information from subscribers. Microsoft was hacked in March 2021, which had a negative impact on over 30,000 organizations in the United States, including local governments and federal agencies. In 2022, cyber attacks are not expected to slow down. In February 2022, reports were made of 83 global data breaches and cyber attacks that resulted in 5,127,241 records being breached.
What Cybercriminals Are Targeting
Historically, cyber attackers have targeted the following industries: healthcare/medical; banking/credit/financial; government/military; education; and energy/utilities. These industries are popular targets due to their vital role in politics and the economy.
Healthcare and financial institutions hold confidential financial details and personal information that can be exploited. Government and military agencies have crucial information that hostile governments would like to access. Educational institutions hold intellectual property and research that others want to steal. Infrastructure industries like utilities and energy are prime targets for disruptions that could adversely affect large segments of the population.
Cyber bad actors can use many attack techniques, depending on their purpose.
Ransomware attacks lock down networks and systems, threatening businesses and governments with large-scale financial penalties. Phishing is a common problem in the financial sector. Hackers can make emails appear to come from consumers’ banks, which makes it easier to get consumers to give up their sensitive information. Recent attacks on the government and military sectors have resulted in sensitive information being accessed and networks breached. In the software supply chain, third-party software vendors inadvertently inject malware into the user’s networks. Cyber-infiltrators have hacked utility systems through IoT security camera installations on the premises.
Steps IT Can Take
Security software and technology practices continue to develop in an effort to keep up with new cyber-attack strategies. This is a plus. Just as important, IT and companies can use basic blocking and tackling to keep their networks and systems secure and healthy. Here are five steps to follow:
1. Manage endpoints
Cyber-attacks increase as more IT moves to the edge and IoT devices connect to networks, because many IoT devices are not adequately secured. IT is also finding it harder to control and monitor all these remote entry points into networks. Edge security software can improve your security if there is security risk at the edge.
2. Social engineering is worth your attention
Phishing, impersonating workers, and offering free benefits and services that entice employees to open bogus emails and visit infected websites are all common. Scammers use many methods to hack into networks and import malware.
There are also cases where disgruntled employees steal confidential company information, sabotage networks, or share passwords with other employees.
IT can also hire an outside audit firm to conduct regular social engineering audits, including reviews of employee behavior, network usage policies, network security performance, and employee security practices. IT can collaborate with HR to make sure that new employees receive training and that employees are regularly updated on corporate security policies.
3. Regular IT security audits
As a standard practice, the IT budget should include allocations for an annual corporate IT security audit and for network vulnerability testing by an outside audit firm on a quarterly basis. Social engineering audits should occur at least every two years.
An expert security firm will perform outside security audits to ensure that security policies are current. An outside audit firm is also a valuable source of information about security practices and policies that IT may not have yet discovered.
4. Vet your vendors
Every RFP you send to vendors should include security requirements that meet your internal security and governance standards. Third-party vendors may be weak links in security that expose your data to others. Always request that a vendor provide a copy of its most recent IT security audit report. If the vendor is unable or unwilling to provide one, it is best to find another vendor.
5. You might consider adding cyber risk insurance as an option to your company’s general liability coverage
Cyber risk insurance coverages are becoming more accessible to businesses as the insurance industry has become more knowledgeable about cyber risks. You might consider adding cyber risk coverages to your company’s general liability coverages.
It is important to note that cyber insurance rates are on the rise. Reports are that some lines of business are expected to rise by 30% to more than 50% in 2021. Some insurance companies are even reluctant to provide this coverage.
If you haven’t already, now is the right time to talk to your insurer about cyber risk coverage.