Having the right kind of information determines the survival or downfall of any institution, be it a business or otherwise. This is another way of saying that information is a powerful asset, which is why organizations keep it under lock and key with firewalls and other security tools, to mention a few. However, this has not kept intruders at bay because it has become a norm for reports to come out concerning data breaches around the globe. For this reason, it makes sense why cyber intrusions have become a global threat, and must be handled with utmost seriousness at all costs.
There are several key pointers that echo the seriousness of this issue. Some of these numbers have been pointed out by cybersecurity insurance companies such as AON Kenya. For instance, a few weeks ago, AON Kenya pointed out that up to 60% of small businesses and enterprises fail to perform their duties optimally within the first 6 months of unmitigated cyberattacks. What is more, 75% of these intrusions are carried out by outsiders, and up to 51% of unethical hacking involves organized criminal groups that are well funded.
It is highly probable that most business leaders and stakeholders understand what is at stake as far as cybersecurity is concerned, but oftentimes, taking the necessary precautions to keep threats at bay is dismissed until a catastrophe is imminent. Ideally, these intrusions are achieved in the simplest of ways, some of which are carried out so effectively it is almost laughable. Generally speaking, up to 62% of breaches feature hacking, and more than half of them employ malware. In the same line of thought, 81% of hacking-based intrusions take advantage of weak or stolen passwords, most of which are sourced from social engineering tactics. The success of social attacks has also been attributed to error of judgement and privilege misuse.
As mentioned, no one is safe from this vice. Most of these attacks seem to target financial organizations for obvious reasons, healthcare institutions and public sector systems, some of which have been experienced in the local scene and outside the country, among other key entities. It should also be noted that more than 66% of malware is installed via malicious email attachments with tempting filenames such as ‘salary review’ or ‘invoice.’ What is saddening that most of the affected organizations have the necessary tools to counter these issues, but it turns out that updated signatures alone cannot guarantee safety. Moreover, 63% of affected institutions are made aware of a breach by outsiders.
During the introduction of its comprehensive cyber enterprise insurance solution in late September 2017, AON Kenya pointed out that business that have not suffered a cyberattack are either sufficiently prepared to thwart threats, or are merely lucky. But the issue still reigns, and that is if businesses are really well prepared?
Notably, and for denial purposes, no business believes that the next wave of a cyberattack can affect them, until it happens. Affected parties have painted the ugly picture of a breach, and there is no way this can be made any clearer. It should, however, be known that malicious hackers are no longer hiding in poorly-lit rooms as popular media may point out. In fact, this belief gives a wrong impression that such actions target big organizations with malware to gain access, a façade that give small businesses the notion that data breaches can only happen to key industry players. On the contrary, cybercriminals have changed the game, and rarely fit into pre-conceived profiles of the past. These are very smart people, and can identify an opportunities using phishing techniques that pinpoint weak points to initiate an attack.
So, no, the notion that organization have the basics covered may not be accurate, at least, in theory. This is because some employees are still tricked by phishing. For instance, about 1 in every 14 persons were tricked to click on a link or attachment, and went ahead to be duped in more than one instance. These are some of the behaviors that make the activities of hackers easy, where they extend their vice by capturing and exporting data that does not belong to them or taking control of systems. At the same time, about 80% of hacking-related intrusions have leveraged stolen passwords or those that can be cracked easily, such as date of births, names of significant others, pets, to mention a few. That is not all; some institutions still rely on out-of-date security measures, and feel they are robust (especially if they haven’t suffered an attack). On the other hand, others have sophisticated systems, with layers and layers of security measures that it makes it easy for hackers to hide attacks in encrypted traffic.
This is why business have to understand the dangers of breaches, and build their defenses wisely. While it is apparent that intruders are deploying new procedures and tricks, the overall framework of their strategy is the same. Having a fine grasp of this framework is essential in selecting the best way of defending your business from cyber threats.