Cyberattacks can be disastrous for individuals and businesses alike that can cripple essential services as well as the loss of private and confidential information. As of 2021, Americans faced a massive increase in cybercrime.
There were more than 850,000 complaints for the FBI and losses of close to $7 billion. Cybercrime is a way to steal sensitive information such as medical information, interfere with computers and telecommunications, and cripple whole operating systems, making personal and business information unavailable.
Christopher Roberti, senior vice for cybersecurity, space, and security policies for the U.S. Chamber of Commerce, has been speaking to top administration officials as well as law enforcement officials executives, business leaders, and news media across the country on the threat to cyber security and risk management as well as cyber resilience in the course of National Cybersecurity Awareness Month. Please find out more from him on the top cybersecurity concerns.
What are businesses required to know about cybersecurity threats to cyberspace?
Thousands of companies are being attacked by criminal gangs using ransomware. Malicious malware blocks access to computer systems until payment is made to the perpetrator.
The attackers can be individuals, criminal gangs, or even hostile nation-states. The typical downtime for an attack with ransomware is 21 days.
Typically, it can take a company more than 280 days to completely recover from the attack. Companies are outnumbered, and law enforcement does not have the resources needed to keep pace.
It starts by acknowledging the factual reality. Any entity, whether small or large and private or government-owned, is protected from this threat. Every business has a high possibility of facing an attack from a highly sophisticated nation-state actor, no matter how small amount of resources it might allocate to cybersecurity.
It is also impossible for the government to take on these adversaries. In many instances, network operators in the private sector are targeted, and the private sector can provide the necessary innovation to identify and stop attacks.
It’s the right and ideal time for U.S. Government to act quickly against these cyber-criminal attackers and blatantly prevent their activities. The U.S. and allied governments must collaborate with private companies to tackle these threats head-on and develop an effective deterrent to malicious cyber-attacks.
Which are the top persistent cyber-security security threats to both individuals and businesses?
The two most frequent cyber-attacks are ransomware and BEC, or business breach of email (BEC).
Both usually employ social engineering to gain access to victims in their networks. Ransomware is the most widely-publicized cyber-attack on public institutions. However, in terms of financial cost, the fraud facilitated by BEC has proven to be more costly (if not as disruptive and dramatic).
In 2021 BEC’s Internet Crime Complaint Center (IC3) received 19,954 complaints related to BEC and losses of these incidents amounting to $2.4 billion.
Ransomware and cyberattacks have disrupted public schools as well as police departments, hospital systems, and the local government all across the United States. Researchers have detected 34 successful cyberattacks against local authorities, particularly this year.
Since September 13, at least seven states and local government agencies have been notified of cyberattacks. America’s second-largest hospital chain of nonprofits recently revealed that it is facing a cyberattack that affects locations across the country, which has forced ambulance diversions, system shutdowns, and scheduled medical procedures to be rescheduled.
Victims of ransomware-related attacks, BEC attacks, and traditional cyber-attacks (e.g., attacks that are designed to steal IP, and trade secrets, carry out spying, or engage in destructive or disruptive activities) each can have devastating impacts on the companies of the victims in the form of direct financial losses as well as brand damage, the loss of confidence in customers and, in some instances physical injury.
Despite the numerous adverse reports and dangers but there are steps every business – big and small – can follow to increase their risk of being targets and to prepare for a potential incident in the event.
How can companies, as well as individuals, best defend themselves from cyber-attacks?
These are steps that companies (and individuals) can follow to strengthen their defenses and increase their chances of full recovery in the event of an attack from ransomware or cyber:
Make multifactor authentication available across the organization. Strong passwords are essential, but multifactor authentication is when a password by itself cannot be used to access networks.
Install endpoint security to shield the network edge from a malicious activity known as a threat, such as antivirus, antimalware, and email filtering software.
Regularly update and patch network software in keeping with the latest manufacturer-supported versions.
Inform employees about clicking links within emails or texts. Employees should be taught to be aware of suspicious activities and be able to report transparently regarding what to do if they are receiving information that they suspect could be an untrue link.
Empower IT teams to make quick decisions to safeguard networks. Teams should keep safe offline backups that aren’t dependent on primary systems. IT teams must also keep an active inventory of the company’s IT assets and security configurations.
The company should establish a relationship with local police departments, the Cybersecurity and Infrastructure Security Agency (CISA), the Secret Service, the FBI, and others. It is the U.S. Chamber that can help members establish these vital connections.
Companies should always consider shifting their systems and networks to a “zero-trust technology.” This usually means giving them access to corporate networks for each session, with gradual access levels based on the user’s status and “need to be aware of.”
What’s being done on a national and local scale?
I want to draw attention to two critical processes at the local level.
The first was that Congress approved legislation that authorizes $1 billion in cyber-related grants to fund state and local cybersecurity improvements.
These grants, made accessible over 5 years, are expected to allow substantial IT modernization and investment in local government infrastructure and substantially improve the state’s cyber policy.
Then, in the season of CISA, the Cybersecurity and Infrastructure Security Agency will host listening sessions with the critical infrastructure and business community across the nation.
CISA is looking for input from the opinions of both small and large companies about the actions that both private and public sectors should take to bridge the gap between cyber-related incidents and ransomware attacks.
Which resources are there to find out more about it and safeguard yourself?
The CISA theme for the month of April is “see yourself in cyberspace.” The message for individuals and companies is to take steps to secure their online identity.
This includes updating your software (to the most updated manufacturer-supported versions), thinking before you click, using strong passwords or a password manager, and enabling multifactor authentication. According to CISA, the four steps can significantly lower cyber-related risk.