According to a research study conducted by Deep Instinct, the use of malware increased by 358% through 2020, and ransomware became an even bigger threat with its usage increased by 435% as compared with 2019. These startling facts make it abundantly clear that cybersecurity needs to be taken more seriously than ever.
More and more companies are seeing the digitization of their business model as the most important step without realizing and acting upon the risks that come with it. A recent example comes from Waikato Hospitals where entire operations came to a halt after a sophisticated ransomware attack crashed Waikato District Health Board IT and telecom systems. This unfortunate incident left no other option for the hospital but to cancel several hundred outpatient appointments and quite a number of elective procedures, while IT professionals were trying to figure out the source of breach and build the system back up. Waikato DHB chief executive Kevin Snee said the DHB has made a lot of efforts over the last year in improving the security infrastructure. But was that enough to stop the crisis?
Despite businesses trying hard on implementing stronger barriers and establishing strict IT policies, data security remains a challenge. This is mainly because cybercriminals are becoming more sophisticated than ever. They are constantly upgrading their knowledge, changing their targets and methodology of cyber-attacks for different organizations. They are getting more organized – even more organized than many big businesses.
While cybercriminals are constantly working to exploit vulnerabilities of network systems and maximizing their profits, many businesses have a self-destructive attitude:
We are a small business, we have nothing of value.
We are in an initial phase of growth, why would they target me?
We have strong IT policies in place, it will not happen to me.
We have insurance, why do we need anti-virus or any other security protocol?
Cybersecurity is not the top priority of many business stakeholders. Although they do take measures to tackle the possible threats, they underestimate the hazards associated with a breached network security and others just do not have the right resources to create a layered security solution due to limited budget or skill shortage. The denial or failure to evolve with the changing IT and security landscape is another major issue. In the Sophos global survey, 54% of respondents said cyberattacks are now too complex and advanced for their IT team to handle on their own.
The Waikato Hospitals incident is a wake-up call to all those people who are not taking cybersecurity seriously. The widely held view is that the heads should roll over the Waikato DHB attack, which seems unfair. The IT department would have done its best with the budget they have, following all the critical controls as defined by Computer Emergency Response Team New Zealand (CERT NZ).
It’s high time to ponder over the fact that cybersecurity is a team effort. Every employee needs to understand the data security risks and how to mitigate them. This should include regular security awareness training of staff. By educating employees on how their actions can play a part in cybersecurity, for example, how clicking on a single malicious link can expose your business to a devastating ransomware attack, employees will realize part of the problem and take proactive steps to prevent it.
A lot of people still reuse the same password for multiple or all accounts and do not use a password manager or multi-factor authentication. Giving your staff these tools will add an extra level of protection and they will be able to prevent data breaches.
Before implementing any network security measures, it’s important to have a clear understanding of your business’s network infrastructure. For instance, you should know what and how many devices are connected to the network, where they are connected, and how they are arranged throughout the network. This network mapping and security auditing will help you pinpoint any potential vulnerabilities and network loopholes that can lead to unauthorized access or ransomware.
According to Cybersecurity Ventures report, ransomware attacks cost businesses an estimated $20 billion in 2020, which is 50 times more than it was in 2015. Security is not fun. It slows us down in a busy world. It is a constant balance between working well as a business and being on top in terms of network security. Sometimes, this means that clients’ emails get blocked or some other false alarm but this is better than a 2 million dollar hit to the business.