Cybercrime is Increasing at an Alarming Rate
It’s an unfortunate fact, but data breaches are on the rise in 2021. In fact, the FBI has reported a 300-400% increase in cybercrime during the Covid-19 pandemic alone. Some studies have shown estimates that 2021 will see cybercrime cost the global economy over $6 trillion as opposed to $3 trillion in 2015. The same report also estimates that a cyberattack will occur every 11 seconds in 2021. These numbers are truly overwhelming, and it’s clear that cyberattacks are going to become more prevalent as the year continues.
Two Cybersecurity CEO’s Weigh In on Recent Trends
Record Nations has reached out to two different tech CEO’s for expert commentary regarding data breaches and cybercrime. These individuals bring years of experience to the conversation, and offer some of their insights into preventing cyberattacks. This information is aimed at educating those on the corporate level, all the way down to the individual.
Chase Norlin is the CEO of Transmosis.com, and he’s a nationally recognized cybersecurity workforce developer and the creator of CyberOps. Providing military-grade cybersecurity protection for small businesses.
Rob Shavell is a privacy expert and his commentary has been featured in The Wall Street Journal, The New York Times, and The Boston globe for his expertise regarding online privacy. His company DeleteMe is at the forefront of helping individuals keep their data and personal information safe and private.
Some Common and
No one is immune to the dangers of a cyberattack. Chase mentioned the sad fact that around “60% of small businesses that were attacked or breached went out of business six months later.” Even larger vendors like Marriott International, as well as entire cities, aren’t out of reach.
In 2020, the City of Lafayette in Colorado was hit with a ransomware attack that cost taxpayers $45,000. In this case, it was deemed cheaper to pay the ransom than it was to try and fight back. Having a secure data backup can be beneficial in the face of a ransomware attack, but it doesn’t change the fact that the data has been compromised and exposed. Chase estimates that phishing and ransomware attacks are up nearly seven-fold in 2021, and the numbers continue to rise. Even as of this writing, a quick google search for “data breaches” will bring up results from Kroger’s pharmacy to Harvard Business School, and even the emerging social media app Clubhouse.
If there’s a silver lining to all of this cybercrime, it’s that as criminals and their attacks become more sophisticated, so do the measures to prevent them. Record Nations offers a variety of solutions that can help you keep your business safe from the increasing trend in cybercrime. These include cloud storage services, digital data backup, as well as document management systems. Many businesses are already moving in this direction, however both CEO’s were quick to mention that the first steps to good cybersecurity are prevention and education. Rob elaborated “The most fundamental thing is adopting a culture of privacy and security.”
A Few Questions on the State of Cybersecurity (Interview)
Record Nations: What is the most common form of data breach you’re encountering in 2021?
Chase Norlin: Phishing and ransomware. About 70% of these attacks happening in ransomware, in our understanding, are happening at the endpoint. The endpoint means the end-users computer. And that’s even more vulnerable now in this work from home environment. This is very organized cyber criminal activity. It’s not this idea from five or ten years ago where there’s this lonely hacker in a basement in Russia attacking you. It’s way beyond that now. They’ve got infrastructure, and a lot of resources, and a lot software/advanced hardware to perform much more sophisticated attacks. In a ransomware situation essentially what’s happening is they’re securing access to your computer, typically targeting through the endpoint. You clicked on a bogus email, you went to a bad website, somehow they got access to your computer.
There’s a host of scenarios that can lead to a ransomware attack. Usually a lot of these phishing attempts are using social engineering, meaning they’re pretending to be someone on the phone, or the email looks exactly like one of your colleagues. But the same end result right? It can lead to stealing of your data, what we call data exfiltration.
Rob Shavell: For individuals, it’s actively handing over permissions or personal info to third-parties. Either in the form of downloading malicious apps, or shopping online with iffy vendors offering what seems like a great deal. Holiday shopping in particular has been a driver of the latter; millions of people who otherwise would be going to brick and mortar retail have been transitioning to online shopping, and haven’t yet developed the basic awareness of how to distinguish safe from insecure checkout processes.
For companies, it’s some variety of social-engineering/phishing attack. Something as simple as a spoofed email from a colleague with links and attachments.
Record Nations: During the Covid-19 pandemic, we’re seeing more and more businesses switch to a work from home model or some type of hybrid. Does shifting to a work from home environment increase your risk of becoming the victim of a data breach?
Chase Norlin: Significantly! I’m glad you asked that. There’s a lot of stats out there, and I’ve seen some crazy numbers. I think ransomware is up 700%, since the beginning of Covid, and it’s continuing to rise. The issue, broadly speaking, is that you’ve got people working from home in these much more insecure environments and I think everybody knows that. Toggling between home and work, personal and business computers. You’re sitting on an unsecured Wi-Fi network, you’ve got multiple IoT devices connected in the home. It’s kind of a wide array of different potential attack scenarios that are unfolding against people working from home. This would typically be much more difficult to penetrate in a larger business environment or an office environment. Making it worse, these individual operators and small businesses are now the number one target for cyberattacks by cybercriminals today. In particular in this work from home environment, the big guys have offices and hardware and software combinations, and 24/7 security teams. None of that exists in the home. It’s an incredibly dangerous time as it relates to anyone working from home today.
Rob Shavell: Absolutely! People are often using personal devices with little/no security compared to hardened corporate networks. And data is migrated between devices across cloud-storage and home networks and being duplicated many times in the process. For years people relegated the most basic security tasks to an IT department who could apply a one-size-fits-all approach to the entire workforce. Now every person has to do that job themselves, and for the most part they’re not capable.
Record Nations: In your professional opinion(s), what can businesses do to better help their employees be more safety conscious when it comes to a potential cyberattack?
Rob Shavell: Many people will cite specific processes, like better passwords/changing passwords, shredding documents, or conducting regular security audits. The most fundamental thing is adopting a culture of privacy and security. The less information is shared, the less risk of exposure. The fewer people allowed direct access to sensitive information, the better. We find many business processes end up sharing far more than is actually necessary to complete basic tasks. The same is true for private citizens; the number of people we give our DoB, cell phone, and other data to is absurd. Consumers need to push back on companies asking for more access than they need.
Chase Norlin: Regularly change your password, not connecting random devices, watching out for a bogus website, email scams, running a VPN… There’s a host of ways to be more security conscious in general. Attacks are so sophisticated now, and so organized, but you need to go way above and beyond. I’m talking way beyond antivirus.There’s a misconception out there that antivirus will be enough to protect you on the consumer-grade. Yeah that’s good to have, but it isn’t anywhere close to what you need. Especially if you’re transacting online, because the risk and liability that you now carry as an individual or small business owner is so large. It’s not just from reputational damage. It’s this third party liability. Your partners all sue you, or larger vendors and customers drop you. Then you can’t transact. And on top of that, you’ve got the reputational damage when your customers find out that you were breached. These are catastrophic level events. You need to really be looking at more sophisticated solutions that can protect you, especially in a home environment. There’s ways to do that, and that needs to be happening because it is a statistical inevitability that something very bad is coming your way.
Chase Norlin: On cloud security I’m not an expert, but I’ll just tell you that everything is moving to the cloud. I think we all know that. And there’s a lot of very sophisticated cloud security providers that are providing security protection. For example, Microsoft or Google, are already very deep in providing a level of security that’s very high for utilization of their services for obvious reasons. Google is going to be spending a ton of money and time and expertise around protecting all their Gmail/G-Suite services. Same with Microsoft, because that’s the very basis of their service and customer base. The good news there, in my opinion, is that all of these service providers are already incentivized and naturally upgrading their cloud security. The threat, here again, is at the endpoint as it relates to the cloud.
Record Nations: What about data backup systems? Can that help you fight a ransomware attack or prevent one altogether?
Chase Norlin: OK, good question…. you want to do that regardless. Having a separate hardware backup is always a very smart idea no matter who you are. That’s really important from a data restoration approach. That’s not necessarily mitigating ransom because ransom has now evolved into extortion. Meaning “OK take my data, go ahead. I’m not paying the 50K ransom in bitcoin because I have my hardware backed up”. And their response is “OK we’re going to post all your data everywhere, we’re going to notify everybody, and your customers are never going to want to work with you again.” So that’s moved to extortion. It doesn’t necessarily protect you from the ransom, but it’s certainly better to have your data backed up than to not.
Bouncing Back from a Cyberattack
Based on our conversation, it’s a statistical inevitability that some businesses will face cyberattacks this year. That doesn’t mean that there’s nothing you can do. Adopting better policies and educating staff members is the easiest way to prevent a hack. The professionals agree that prevention is the first and most important step you can take.
“Number one is always prevention,” Chase says. “You have to have advanced software married to human intelligence, that’s the key.” Chase also strongly recommends carrying some form of cyber liability insurance. He sees this as one of the most innovative and exciting trends emerging in the data security sector. “It’s the fastest growing category of commercial insurance. I think it’s an inevitability that every small business will have cyber liability coverage.” He added “it can pay the lawyers fees right out of the gate, it can pay for the negotiation of the ransom fee, it can even pay for your business’s downtime.” He also mentioned that many states including New York and California are adopting stricter laws to force companies into taking a stronger approach to their cybersecurity. In some cases the hack or ransom may not put you out of business, but the fines and legal fees just might. He reiterated that this is likely one of the main reasons that a staggering 60% of small businesses can no longer operate after a data breach.
Record Management Solutions?
Please visit Record Nations to learn more about ways that we can help you and your business be more secure. See which options may be right for you. Start the process by filling out the form, using the live chat button, or giving us a call at (866) 385-3706. You’ll receive free quotes in minutes from top professionals in your area. Don’t be a victim, let us put you on the path to better data management.