Ransomware has become a massive business that makes cybercriminals billions of dollars annually. In fact, they have productised it as ransomware-as-a-service (RaaS), which allows entry-level cybercriminals to license powerful software to quickly execute attacks. Even more pervasive and potent are the proficiently organised RaaS cartels, which are targeting thousands of companies each month. According to Keeper’s 2021 Ransomware Impact Report, after a ransomware attack, 77% reported being unable to access systems or networks, 30% were down for a day and 26% were offline for up to seven days.
Failing to be proactive and work together against increasingly sophisticated cyberattacks can have dire consequences for businesses. New statistics, published in Keeper Security’s 2021 Cybersecurity Census Report, attest to the alarming reality.
Some 92% of UK organisations have suffered a cyberattack in the last 12 months, with well over two-thirds (72%) successfully breached more than once. However, fewer than half (40%) are actively addressing all of the weak links in their cyber defences.
The angles of attack are multiplying. Ransomware is becoming much more widely distributed and the barrier to entry is lowering, enabling criminals to easily license and use malware and ransomware.
The advancement and sophistication of technology are now coupled with an increased frequency of attacks and greater collaboration between cybercriminals. Companies must collaborate to defend against these threats.
Why it’s imperative to be honest and report attacks
Cybercriminals are outpacing organisations in the cyber arms race. Business leaders must change their mindsets to be transparent about breaches, share knowledge and help one another fight back in this invisible, but critical, field of battle.
Keeper Security examines the core issue: 36% of IT decision-makers have kept a cyberattack on their business secret. There are several reasons why they have remained silent and didn’t report it, but it is necessary – for everyone’s sake – to be honest and open about attacks in order to fend off future threats.
The lack of reporting is due, in large part, to sheer embarrassment; no one likes admitting to a mistake. Second, those in charge might want to mitigate legal exposure from stakeholders in the event that a significant data breach results in either a series of losses or a class-action lawsuit.
Additionally, there are implications for a business’ brand and reputation to consider. This is all on top of the revenue losses and operating expenses arising from ransomware, which make up most of these attacks today.
Those facing the highest levels of risk are small and medium enterprises (SMEs) and small office/home offices (SOHOs), as they usually don’t have access to, or budget for, sufficient IT support. SMEs and SOHOs are the low-hanging fruit for cybercriminals. With so many within easy reach it doesn’t make sense for criminals to target the larger, better-defended players.
Bearing this in mind, the public and private sectors need to collaborate and come up with solutions to this exploding challenge, and SMEs and SOHOs have to get the support they require to survive in the cyberwar. Simple solutions such as password security systems and dark web scanning can be easily implemented, regardless of the size of the business.
Don’t be an easy target: fight back against invisible enemies
Cybercriminals are incredibly smart, well-financed – sometimes by state sponsors – and can be entrepreneurial and collaborative. There is not much difference between the most successful and tremendously impressive cybercrime companies and those that operate legally in the private sector; both earn billions of dollars a year. But cybercriminals are able to work together and stay a step ahead of those businesses, putting pressure on the fragmented defence mechanisms in place.
The dark web is where the cybercriminals operate, and in that encrypted ecosystem they can access over 20 billion stolen, correct username and password combinations – also known as login pairs. More than 80% of data breaches are the result of password security issues. Most people (60%) reuse weak passwords on multiple apps and websites, giving cybercriminals an opportunity to exploit.
Password management platforms – such as Keeper Security’s – that create high-strength, random passwords for every website, application and system are imperative for businesses. Other assets, like dark web monitoring tools, can detect when credentials floating around on the dark web match something on your network, allowing vulnerable passwords to be flagged and changed.
The 2021 Cybersecurity Census Report indicates that almost one-third (31%) of UK businesses will hold the chief technology officer directly responsible for a successful cyberattack on their organisation.
But blaming the CTO is ineffective. To stand the best chance of survival in the raging cyberwar, you need everyone doing their bit. There has to be C-suite buy-in and excellent cyber hygiene across the whole organisation. Fighting together is the only viable option in 2021.
For more information please visit https://keeper.io/protect
Five steps to boost your cybersecurity
1. Take accountability – from the top down
Cybersecurity is the responsibility of everyone in an organisation, not just the chief technology officer or chief information security officer or even the IT department. It requires buy-in from the board and business leaders, and cyber hygiene must be tested and improved regularly.
2. A password management platform is essential
Given that weak passwords are by far the number one reason data breaches occur, a password manager – such as Keeper Security – will immediately improve your cybersecurity.
3. Deploy a data breach tool
In addition to a password manager, a data breach tool enables businesses to know when a credential is compromised on the dark web, enabling them to change the vulnerable password before it’s too late.
4. Using a VPN is essential when working remotely
The rise of home working in the last year has led to poor cyber hygiene. As a bare minimum, all employees should use a virtual private network.
5. Be open and share knowledge
Cybersecurity software alone is not enough in this cyberwar: business leaders need to change their mindsets and keep abreast of evolving threats. A spirit of openness and collaboration will help boost cybersecurity against criminals, who are outpacing companies in terms of embracing technology and working together.