Next Level Cybersecurity: Guidance From Two Great Dell Thought Leaders
In this recent webinar, Advantage Industries partnered with Dell to explore the current cybersecurity landscape, and how small businesses are struggling to manage it.
Given how often big-name data breaches make headlines these days, you probably think cybersecurity is only a concern for big businesses. Whether it’s Colonial Pipeline or Kaseya, the one thing they all have in common is that they’re operating on a scale much larger than your organization is.
Are you letting your small size give you a false sense of security?
You may have less than a hundred employees, but does that really mean you’re secure? In 2020, the rate of cyberattacks grew 400% compared to the previous year — the fact is that a rising tide lifts all ships. As cybercrime becomes more prevalent, your organization becomes a more likely target, no matter its size.
Discover more in this webinar on next-level cybersecurity with Mike Shelah from Advantage Industries and Jason Jones and Mark Beaton from Dell:
The Small Business Cybersecurity Dilemma
“It’s not uncommon to find that size of company without a firewall, or without backups,” says Mike Shelah, Advantage Industries.
For small businesses, the situation is especially dire. According to a study conducted jointly between Cisco and the National Center for the Middle Market, over 50% of small businesses have no cybersecurity strategy or plan in place and for those that do, most have not reviewed the plan in over a year.
A cybersecurity strategy and plan, once created and adopted, must be reviewed at least annually to ensure that current threats are being included. Cybersecurity is not a one-and-done solution; the threat landscape evolves at a rapid pace and frequent reviews ensure that the plan will help reduce an organization’s cyber risk profile.
The Growing Threat of Ransomware
Ransomware is a type of malware or trojan that infects a network and blocks access to data stored on those networks by encrypting all the files in a way that is difficult, if not impossible, to decrypt. The hackers who deploy the malware agree to provide a unique decryption key in exchange for a payment, usually in Bitcoin or some other cryptocurrency, making tracing and prosecuting the hackers difficult.
“Ransomware is completely different, and it requires completely different architecture,” says Mark Beaton, Dell.
It feels like we can’t go more than a few days without there being another ransomware story in the news. What used to be simply one threat present in the cybercrime landscape has now become the most clear and present danger to modern businesses.
Don’t assume we’re exaggerating this for effect — experts estimate that a ransomware attack will occur every 11 seconds in 2021. Here are just a few key examples, out of the thousands of incidents that occurred in the past year:
- Ransomware infects Colonial Pipeline, disrupts the US gas economy: A ransomware attack against Colonial Pipeline caused a widespread shortage of gas across the country. The encryption of the petroleum supplier’s systems forced them to shut down operations for a number of days, highlighting the vulnerability of critical US infrastructure to cybercrime attacks.
- Ransomware costs the Irish Healthcare System hundreds of millions: Health Service Executive (HSE) was infected with ransomware in May, and the ensuing ordeal levied a series of expenses, eventually reaching as much as $600 million.
- Ransomware takes Travelex’s global operations offline: A sophisticated ransomware attack took down Travelex’s systems in more than 70 countries for multiple days, timed specifically for when staff would be on holidays.
Are Hackers Hiding On Your Network Right Now?
It’s also worth noting that the nature of execution for cybercrime attacks has drastically evolved in recent years. Whereas cybercriminals would at one point immediately attack a target once they had breached its defenses, modern-day hackers are becoming more patient.
Sophisticated attackers sneak ransomware into a breached network and then lay dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems.
“Typically they’re in there for about 120 days before the organization knows they’re in,” says Mark.
Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to backup their systems. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.
The Necessity Of Cybersecurity
Is your cyber liability insurance policy giving you a false sense of security?
While it’s certainly wise of you to have invested in coverage against cybercrime-based damages, it won’t amount to much if you’re not complying with the terms of your policy. Even if you think you’re complying, there’s no telling if your insurer will cite an unexpected clause in order to avoid paying out your claim.
This is a more common occurrence than you might assume — businesses invest in a cyber insurance policy and either fail to follow its terms or are denied coverage based on something they failed to foresee. They get hit by a cybercrime attack, and it turns out they’re not covered.
Case in point: the National Bank of Blacksburg in Virginia was breached twice in two years, but, at the time, was confident in their cyber liability insurance. It came as a shock when their insurance provider, Everest National Insurance Co., opted to only pay $50,000 of the claimed $2.4 million on the grounds that the breaches were not covered by the policy. This resulted in further, costly litigation between the two organizations.
This is why cybersecurity is such an important investment. No matter how robust your insurance policy is, it won’t amount to much without a matching cybersecurity defense.
“You can’t afford not to do this,” says Mike. “When you have a breach, you go to file a claim with your cyber insurance company, it’s going to be denied.”
All this goes to show why you need to look carefully at the fine print of your cyber liability insurance policy and ensure your cybersecurity standards are up to par. You cannot assume you’re covered in the event of a cybercrime attack — you need to know for sure.
Furthermore, you need to make sure your business is properly protected against common and dangerous cybercrime methods. The better defended you are, the less likely you’ll have to rely on your insurance policy.
How Do You Know If You Are Secure?
Cybersecurity can be a complicated and scary subject that’s often ignored because of those same reasons. Most business owners cannot confidently claim that their business is secure.
Can you? Some of the questions you should be asking yourself include:
- Are my computers, servers, laptops and mobile devices secure?
- Is my network equipment secure? (Including Firewall, ISP modem, switches, and WiFi Access Points)
- Do I have appropriate Anti-Virus and Anti-Malware software installed on your systems?
- Are my desktops and servers maintained with regular patches and updates?
- Are my business’ passwords strong enough to prevent cybercriminals from figuring them out?
- Are my cloud-based assets secure?
- Are my employees informed about Security Threats and how to protect your clients’ data?
If it sounds like a lot to consider, well, it is. Modern cybersecurity isn’t a simple undertaking — but the good news is that you don’t have to handle it alone.
Need Expert Cybersecurity Guidance?
Don’t let your cybersecurity suffer, and don’t assume you have to handle it all on your own — Advantage Industries can help you assess your cybersecurity and develop a plan to bring it up to par with powerful Dell solutions.
You can start improving your cybersecurity in three simple steps:
- Book a meeting with the Advantage Industries team at a time that works for you.
- Let us assess your cybersecurity and address any vulnerabilities.
- Get back to focusing on your work, instead of worrying about your cybersecurity.