May 21st, 2019 by Guillermo Fernandez
Despite the best efforts of IT Directors, 68% of companies fell victim to a cyber-attack in the last year, according to a report from Sophos [1]. That’s more than two in three companies worldwide! Cyber-attacks don’t discriminate either: 63% of small businesses (1-1,000 employees) and 73% of enterprises (1,001-5,000 employees) experienced a cyber-attack. While these are alarming statistics, the percentage variation from countries like Japan (24%) to Mexico (82%) indicates that there is something that can be done.
Are countries with stronger economies targeted less or are they better prepared?
Many CEOs think they are an unlikely target for attack because they believe they don’t have anything hackers want. In reality, hackers will indiscriminately target the “low hanging fruit.” In other words, small businesses, including those that are poorly protected, are completely vulnerable to phishing campaigns and other techniques.
In another study by Datto [2], the data indicates that no industry is safe but notes that 38% of manufacturing and construction companies report falling victim to a ransomware attack while 25% in the highly sensitive healthcare industry reported an attack.
How do organizations remain vigilant and reduce the likelihood of falling prey? The Datto report suggests there are three areas of focus that should be given equal weight for a company to reduce their risk.
Hope is not a strategy when dealing with cyber attackers. 66% of ransomware attacks are initiated from phishing emails, while 28% of cyber-attacks are launched because the perpetrator gained access to the victim’s system by stealing their passwords. Updated anti-virus software is certainly an important risk prevention measure, but cyber-security software helps prevent ransomware encryption, which is a seriously damaging attack vector.
Employees are usually the unknowing partners of the cyber attacker, but education can help prevent most attacks. Many hosted applications can help identify high-risk employees and offer targeted online training.
The Sophos report reveals that it takes 13 hours, on average, for organizations to determine that an attack has taken place. By that time, most attackers are long gone – the payload has been deployed and the attacker has likely achieved the intended damage. Real-time detection ensures that a monitored security fabric helps identify and mitigate threats to all aspects of computers and networks.
The most important step a company can take to ensure the attackers fail is to have a great backup process in place. The City of Atlanta recently paid a $51,000 ransom, but this was the least of their worries. The ransom paid to the attackers paled in comparison to the crippling costs related to five days of downtime, estimated at $10 million. The attack impacted an estimated 6 million people who rely on city services in addition to the obvious impact on government employee productivity.
Additionally, organizations should invest in a strong virtual infrastructure to minimize downtime by implementing a recovery time objective that leverages a hardware agnostic recovery environment.
In summary, it’s foolish to claim ignorance when there is a nearly 70% chance some form of cyber-attack will impact your organization. There are clear steps organizations can take to minimize the impact. It’s up to leadership to take action.
So how vulnerable is your business? The best way to know is through a Van Ausdall & Farrar Technology Strength Assessment. It’s our 10-minute comprehensive assessment that helps you gain insight into all areas of your business technology. Don’t wait. Take the assessment today.
1. 7 Uncomfortable Truths of Endpoint Security by Sophos.
2. State of the Channel Ransomware Report (2018) by Datto.