As our world becomes increasingly digital and connected, the U.S. Congress recently approved the passing of the Hack the Department of Homeland Security Act of 2017, which is also known as the “Hack DHS Act.” According to the Act, which aims to enhance the country’s ability to receive cyber attack warnings before they occur, a “bug bounty” pilot program would be implemented using program participants who would identify and report cybersecurity vulnerabilities of internet-facing information technology (IT) to minimize said threats for compensation.
In an article for CNN, U.S. Senators Rob Portman and Maggie Hassan discuss the legislation with a hat tip to American revolutionary Paul Revere who, during the British invasion leading to the start of the Revolutionary War, notified the colonists of the incoming British. The senators, who are responsible for the legislation, say that our nation’s enemies are increasingly trying to invade the United States virtually through cyber warfare and cyber attacks — that cyber attack warnings are increasingly vital to our safety and security.
To put it another way, their message is that the U.S. government, private companies, and citizens need a Paul Revere for the digital age to give cyber threat alerts that can serve as cyber attack warnings.
Here are a few of the reasons why businesses and organizations need IT security alerts to warn them of impending cyber attacks and other cybersecurity concerns.
Why Cyber Attack Warnings Matter to All Organizations
1. Cyber Attacks are at Record Levels Each Year
According to the Verizon 2018 Data Breach Investigations Report, there were more than 53,000 incidents and 2,216 confirmed data breaches in the previous 12 month period. Some of the worst cyber attacks of the year included
- VPNFilter, which was a type of malware that was used to infect more than 500,000 routers worldwide.
- A ransomware attack on the city of Atlanta, Georgia, which brought down the city’s online services.
- Cyber attacks on the websites of 76 universities in 14 countries.
- Hackers stealing $13.5 million from the Cosmos Bank in India.
While it’s impossible to stop every data breach, malware, ransomware, or cryptomining attack, there are things you can do to help harden your cyber defenses and aid in a faster recovery time using managed IT services.
2. Cyber Attacks Cost Businesses Around the World Billions
One of the understatements of the year is to say that cyber attacks are a lucrative business for malicious users. According to the 2018 Cost of Data Breach Study: Global Overview by IBM Security and Ponemon Institute, the average total cost of a data breach is $3.86 million with each stolen record averaging a cost of $148. This is an increase of 6.4% over the previous year.
According to data from McAfee and the Center for Strategic and International Studies (CSIS) that was cited by IBM’s SecurityIntelligence website, “cybercrime cost the world between $445 and $608 billion in 2017. That is $100 billion more than the minimum worldwide cost estimated for 2014.” To estimate what a data breach could cost your organization, try using IBM Security’s Data Breach Calculator.
3. Cybersecurity Overconfidence Can Lead to Weaknesses
While it’s good to have confidence, it’s also equally (if not more) important to have caution. According to results from a survey of U.K. and U.S. businesses from the 2017 SolarWinds® MSP’s Cybersecurity Readiness Survey, 87% believe their security implementation is average or better than others’. However, when businesses or organizations are overly confident in their cyber defenses, it can result in areas of their defenses being overlooked. When this happens, cyber threat alerts may also be overlooked and cyber attack warnings may go unheeded.
This is particularly disconcerting because the survey goes on to share that “Less than 50% of businesses implemented new security technologies after a data breach” and that “14% did nothing at all.” This means that, rather than learning from the lesson and making the effort to increase their defenses, more than half of those organizations neglected to toughen their virtual perimeter.
4. People Are Both a Weakness and Strength for Cybersecurity
When it comes to people, they are both a blessing and a curse for cybersecurity initiatives. A lack of cybersecurity awareness and knowledge of best practices leaves businesses and organizations worldwide open to the lowest-level cyber attacks. Indeed, according to Verizon’s data breach report, 92% of malware is delivered by email. This means that employees or other users with access to a business’ network opened emails and engaged with harmful content, such as clicking on a link that then automatically downloaded malware onto their systems.
Organizations can increase their cybersecurity defenses by building a “human firewall” to stand strong when firewalls, antivirus, and anti-malware programs may fail. The four essential aspects of this human-based defense includes:
- Performing baseline testing to see how phish-prone your business is.
- Training every user in scenario-based exercises, traps, and demonstrations.
- Phishing users to on a regular basis to determine susceptibility and to adjust tactics.
- Test and fine tune the results of the penetration testing and phishing exercises.
As a trusted managed security service provider (MSSP) for businesses throughout the greater Los Angeles area, we think it’s important for every organization to have their own “Paul Revere” to call out cybersecurity dangers for them. This messenger of cyber attack warnings and IT security alerts, in this case, would be those individuals who are referred to as “white hat” hackers. These “good guy” hackers frequently work for MSSPs and fight on their side. Their job is to work against “black hat” hackers (malicious users) and provide the cyber attack warnings that we need by identifying weaknesses in your organization’s cybersecurity defenses so they can be addressed.
To learn where your cybersecurity defenses stand, please download our complimentary Cybersecurity Report Card by clicking on the link below.
If you’d like to share your thoughts or have questions, be sure to do so in the comments section below or send me an email to discuss this in private.