Are business owners neglecting cybersecurity?

Many businesses are behind the eight ball in cybersecurity prevention.

 

Cybersecurity issues are frighteningly common these days. From spyware to ransomware, distributed-denial-of-service attacks to malicious downloads, these attacks have caused massive headaches for small and major organizations in the private and public sectors. In fact, during the previous six months, over 40 percent of information technology managers employed by government entities have experienced a breach, according to a survey conducted by cybersecurity company BeyondTrust.

Yet despite their frequency, polling suggests companies may not be doing all they can to stymie the development of these breaches.

The latest evidence of organizational ill-preparedness is in the financial services sector, among banks in particular. According to global professional services company Accenture, which polled roughly 300 senior security executives employed by banking institutions, nearly 60 percent admitted it would likely take them several months before detecting that a virus or worm had penetrated their servers. The poll’s respondents would know, indicating that the banks they worked for experienced 85 “serious attempted cyber breaches” during the typical year.

Most businesses ‘confident’ in security strategy
This isn’t to suggest financial institutions aren’t taking proactive measures. Nearly 80 percent of senior executives in the Accenture survey expressed confidence that their cybersecurity strategies were, on the whole, effective. That being said, businesses have plenty of room for improvement, noted Chris Thompson, head of financial services cybersecurity and resilience at Accenture.

“Most cybersecurity assessment programs, while well-intentioned, are highly theoretical and based on known cyberattack practices,” Thompson said. “The reality, however, is very different. Fast-moving, dynamic threats are creating new challenges every day.”

Nearly 3 in 4 small businesses hacked in 2015
Small-business owners are similarly threatened, as hackers are increasingly setting their sights on these “soft targets,” hoping to catch entrepreneurs off guard. In 2015, for example, more than 70 percent of small businesses experienced a malware-related security breach, according to polling performed by Osterman Research of 308 IT professionals. Additionally, nearly 45 percent of companies were unsuccessful in preventing so-called “phishing” scams. These attacks are launched by hackers who pose as legitimate companies, when in reality they’re wolves in sheep’s clothing out to steal businesses’ financial data by sending malicious emails as bait.

Michael Osterman, principal analyst at Osterman Research, cautioned small-business owners against the notion that these attacks can’t happen to them.

“These findings fully debunk the frequent misconception that ‘my organization is too small to attract cybercriminals,’” Osterman said.

Most cybersecurity experts caution against paying ransom, as there’s no guarantee data will be unencrypted once demands are met.

“At least 200,000 computers have been infected by the ‘WannaCry’ virus.”

Latest ransomware assault felt in 150 countries
Scammers seem to be upping the ante with every attack launched. Earlier this spring, in fact, tens of thousands of businesses in roughly 150 countries were compromised by ransomware. A form of malware, these attacks are similar to phishing, in that they spread when users click on links embedded within emails. But their effects can be particularly devastating, encrypting users’ data until the victims pay a certain amount – hence the “ransom” distinction. The Wall Street Journal reported at least 200,000 systems around the world were infected, including several household-name companies, such as FedEx, Nissan Motor Co. and French automaker Renault.

Health care organizations were adversely impacted as well: hospitals were forced to send many patients home because their servers were down, leaving them unable to access electronic medical records.

“The attack was global in reach, and its impact was significant,” said Michael Kaiser, executive director of nonprofit group National Cybersecurity Alliance. “When we see whole systems like the National Health System in the United Kingdom directly targeted, it reinforces how dependent we have become on our data-driven networks.”

He added that businesses and organizations can’t overemphasize the importance of being proactive, utilizing reliable cybersecurity strategies that provide reinforcements needed to slow or prevent breaches from taking place. Basic “cyber hygiene” protocols include changing passwords on a more consistent basis, updating software as soon as security patches become available and backing up stored data.

“We hope organizations around the world will see this attack as a learning experience and begin to engage in adoption of better cybersecurity practices,” Kaiser advised.

If there’s anything that’s worthy of a multi-layered protection approach, it’s cyberwarfare. Hackers are constantly refining their strategies, seeking any and all vulnerabilities to exploit. Business owners are especially vulnerable, noted Brad Huse, regional sales director of commercial insurance at PayneWest.

“Business owners can no longer ignore or take a wait-and-see approach, and if this risk isn’t aptly addressed, there is potential for financial loss, reputation damage and business interruption,” Huse warned. “A robust and comprehensive cyber risk management plan and cyber insurance program is a necessity.”

PayneWest Insurance provides the coverage businesses need to overcome security scares, providing them with the provisions they need to remain resilient when viruses lead to production disruptions.