It doesn’t matter what industry you’re in. These days, every type of organization uses computer systems and networks in one capacity or another. As a result, every type of organization needs to prioritize cybersecurity. With the recent surge in cyberattacks and the emergence of new data privacy laws, it’s plain to see that cybersecurity is more challenging than ever before.
Ransomware Has Surged
You’ll see different figures depending on the source, but the consensus seems clear: ransomware attacks increased dramatically in 2020. According to Security Magazine, there’s been a 62% surge in ransomware attacks since 2019.
Ransomware attacks have also grown more sophisticated. Modern attacks can be highly targeted, and the ransom demands can be for massive amounts – sometimes seven figures.
Hackers have also been trying new tactics. For example, in January 2021, the FBI issued a warning regarding the Egregor ransomware. If the victim refuses to pay the ransom for the decryption key, the attackers publish the victim’s data on a public site. This tactic means that even organizations with excellent backup protocols may feel pressured to pay hackers to prevent a data breach.
Other Threats Remain
Ransomware has been getting a lot of attention recently, and for good reason, but it’s not the only cyber threat out there.
According to the Internet Crime Complaint Center’s 2020 Internet Crime Report, there were 19,369 complaints of business email compromise schemes in 2020. These complaints were associated with losses of more than $1.8 billion.
Data breaches, denial-of-service attacks, and other types of malware are also key concerns for organizations.
Five Considerations for Your Cybersecurity Plan
Cybersecurity is an issue for all businesses, regardless of size or industry. Here are five things to consider as you develop or update your cybersecurity plan.
- Keep systems secure. Cybersecurity must address both human and technical exposures. All workers who have access to computer systems must be trained on how to spot and avoid phishing scams and other cyberattacks. Programs, systems, and networks must be optimized to mitigate threats.
- Don’t let remote work arrangements compromise security. According to a warning issued by the FBI, some organizations may not have been fully monitoring network access and privilege escalation because of the sudden switch to remote work during the pandemic, and hackers may target these organizations.
- Create a response plan. Although prevention is ideal, the prevalence of new and sophisticated attacks means this may not always be possible. Create a response plan that includes measures to assess and mitigate the threat and also covers issues of data breach notification, business continuity and associated costs, and insurance coverage.
- Comply with new data privacy laws. When a cyberattack results in a data breach, organizations must comply with various data privacy laws. These laws may apply if the owner of the breached personal data lives in an area where the law exists, even if the organization is located elsewhere. New laws have been passed recently, including the GDPR in Europe, the CCPA in California, and the SHIELD Act in New York.
- Use cyber benchmarking. Cyberthreats are always evolving. As a result, your cybersecurity practices need to keep evolving, too – otherwise, your organization may become an easy target. Comparing your organization’s performance to the performance of others can help you determine whether you’re keeping up or falling behind.
If you haven’t assessed your cyber insurance for your business or family office, now is a great time to review your coverage with your Heffernan Insurance Brokers agent. Contact us to start a conversation today.