Hacks, ransomware, and data breaches: the words have many things in common, and the biggest is trouble. The damage created by a data breach, in terms of time, dollars and reputation, can be devastating.
For the skeptical souls out there who believe cybersecurity isn’t that important, consider the following:
- Inc. Magazine reports that 60 percent of small businesses fold within six months of a cyber attack
- The Ponemon Institute believes the average cost of a breach is $194 per record
- According to IBM, it can take up to 297 days to identify and contain a data breach
- The massive 2017 Equifax breach took nearly two years to settle with the FTC, at a cost of $575 million and potentially up to $700 million, not to mention the impact and inconvenience to the nearly 147 million people whose data was compromised
These attacks are not limited to businesses. Healthcare and government facilities are huge targets for script kiddies, organized crime, and rogue nations as well. Oh, by the way, that 2017 Equifax breach? U.S. authorities have charged four Chinese military officers for the intrusion.
Welcome to the world we live in. Ben Franklin's axiom that “an ounce of prevention is worth a pound of cure” remains true.
What does a cyberattack look like?
One of the disturbing aspects of a cyberattack is the time it takes to identify and contain the issue. Sometimes the attack is immediately evident. For example, in a ransomware attack, the hacker sends a pop-up message demanding a ransom payment to release the locked data.
Other times the evidence of a cyber intrusion is much slower to appear. For example, the convenience-store chain Wawa recently reported that its information security team detected an intrusion into its point-of-sale (POS) system on December 10, 2019, and stopped the breach by December 12, 2019. Still, the company believes the malware was collecting customer data as early as March 4, 2019.
Employees can often be a first line of defense if they know what to look for. Educated employees are aware of the symptoms of a cyberattack, such as:
- Slow Connections – Sluggish behavior is perhaps one of the most common signs your IT infrastructure is under attack.
- Unexpected Popups – Your system is almost inevitably compromised when windows pop up on their own, indicating that a remotely-based cybercriminal is using your network to open other files and sites.
- Mysterious Behavior – Changed passwords, unsolicited software installs, automatic mouse movements, and changed security settings are all indicators.
- Phishing – A compromised system may be used by a criminal to send phishing emails to company employees to trick them into revealing personal information.
- Inability to Download Updates – Malicious programs on a computer can prohibit users from downloading essential updates that would make the system more secure.
- Unfamiliar Programs Running in Task Manager – If you open Task Manager or Activity Monitor and see unknown processes running or processes taking up a large amount of computing resources, you are likely compromised.
What can it cost?
IBM estimates that the average data breach costs $3.9 million and affects 25,575 records. The healthcare industry has the most expensive data breaches, costing around $6.45 million each. Dividing each of these costs by the average number of records affected gives a low and high end of exposure of between $152 and $252 per record.
How to prevent data breaches and cyberattacks
Almost all data breaches start in one of four ways:
- Accidental Insider – An employee accidentally accesses information they should not have permission to view, or accidentally clicks a malicious link.
- Malicious Insider – A person accesses and/or shares data with the intent to cause harm.
- Lost / Stolen Devices – Unencrypted, unlocked, unprotected laptops, smartphones, tablets, and other endpoints are lost or stolen.
- Malicious Outside Actors – Hackers use attack vectors to gather information from a network or individual.
The methods hackers use are:
- Stolen Credentials – These cause the majority of breaches
- Compromised Assets – Malware attacks that get past any system protection
- Payment Card Fraud – Card skimmers on gas pumps or ATMs to steal account numbers
- Third-Party Access – Malicious actors using third parties to access your systems
- Mobile Devices – Provide opportunities for hackers to exploit unsecured or weakly secured systems
Prevention is better than remediation:
- Educate employees; they are your first line of defense,
- Patch and update software with the latest releases,
- Encrypt sensitive data and communications,
- Enforce BYOD policies, and
- Use strong credentials and multi-factor authentication.
Preventative steps are common-sense ways to prevent a system break-in or data breach. But to manage them, all you need is a system in place to conduct an endpoint risk assessment. When you have a fleet of stationary systems, mobile devices, and other platforms distributed throughout a building, across the state, or around the country or world, it becomes vital to be able to do real-time device assessment and remediation.
The ability of organizations to inspect endpoints, respond immediately to issues, and collect and store forensic data for post-incident investigation can make all the difference between stopping an attack early and becoming a victim of cybercrime. All of these preventative steps are relatively low cost, and, in comparison to the exposure and impact of a data breach, the ROI is remarkably high.