What to know about the current cybersecurity landscape
It should come as no surprise that cybersecurity concerns are top of mind for many business owners. Recent years have seen an increased frequency of attacks, as well as exploited vulnerabilities in the digital supply chain. The rise of remote working and other pandemic-era innovations has also opened new avenues for cybercriminals to exploit. Businesses are feeling more pressure than ever to ensure they keep their organization cybersecure.
This sentiment was underscored in Nationwide’s recent Agency Forward survey data. Two-thirds of business owners indicated they are concerned about cyberattacks impacting their operations. This includes 79% of mid-market business owners (a 12-point increase since 2020) and 53% of small business owners (up 15 points since 2020).
It is essential for businesses to understand the cyber threat landscape, as well as best practices they should consider implementing to achieve more effective cybersecurity.
Common Cyber Threats
As cyber threats change, it is important for businesses to stay up to date on the latest techniques cybercriminals are using to exploit businesses. Here are four cyber threats to be aware of.
- Phishing – Phishing is a form of social engineering. During a phishing attack, cybercriminals use emails or malicious websites to solicit sensitive information about a business from an individual by posing as a trustworthy person or organization. Once an individual responds with the requested information, cybercriminals can use it to access accounts and systems to steal funds or information. Because they rely on human error, phishing attacks are often the gateway cybercriminals use to launch additional cyberattacks on an organization.
- Malware – Malware, also known as malicious code or malicious software, is code inserted into a system to compromise the confidentiality, integrity, or availability of data and systems. It is inserted secretly and can affect your data, applications, or operating system. Malware has become one of the most significant external threats to systems. Malware can cause widespread damage and disruption, and recovery requires huge efforts within most organizations. Examples of common malware include viruses, worms, Trojan viruses, spyware, adware and ransomware.
- Ransomware – Ransomware is a type of malware cybercriminals use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers. If a cybercriminal’s demands are not met, the files or systems will typically remain encrypted and unavailable for use, causing a significant business interruption. Even after a ransom has been paid, cybercriminals will often demand additional payments, delete an organization’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore access.
- Denial-of-Service (DoS) Attacks – A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network. A denial-of-service condition is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization time and money while their resources and services are inaccessible.
Establishing Effective Cybersecurity
Establishing effective security is essential for businesses to protect against cyberattacks. Below are six of the key security controls recommended by experts and cyber liability insurance underwriters.
- Multifactor Authentication (MFA) – Multifactor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify the user’s identity for login. MFA is known to increase the security of a computing device, network, or database because even if one credential is compromised by a cybercriminal, they will still be unable to meet the secondary authentication requirements. It is best practice for organizations to enable MFA for all remote access to their network and applications, all admin functions within the network, and any enterprise-level cloud applications.
- Endpoint Detection and Response (EDR) – An endpoint refers to a remote computing device that communicates with a network. Common examples of endpoints that businesses use include desktops, laptops, smartphones, tablets, servers, workstations and internet-of-things devices. Cybercriminals often target endpoints because they are a gateway to corporate systems and data. As remote work becomes more common, it is important for organizations to effectively manage endpoint security. Thankfully, more organizations are turning to endpoint detection and response (EDR) to help mitigate threats. EDR refers to a category of cybersecurity tools used to detect and investigate threats on endpoints. While EDR tools vary by vendor, they commonly provide detection, investigation, threat hunting and response capabilities. EDR solutions are essential because they continuously monitor for suspicious activity. They then generate alerts to help security professionals investigate and remediate issues. EDR tools also collect telemetry data on suspicious activity within systems that can be used to provide insights into additional security risks.
- Patch Management – Patches refer to software and operating system updates that address security vulnerabilities within a program or product. Software vendors may choose to release updates to fix bugs, as well as to provide enhanced security features. From a cybersecurity standpoint, a consistent approach to patching and updating software and operating systems helps limit exposure to cyber threats. Accordingly, organizations should establish a patch management plan that includes a framework for prioritizing, testing and deploying patches.
- Cybersecurity Awareness Training – While employees can represent the entryway for cyberattacks, they are also a business’s first line of defense against them. Proper training can help employees identify common cyber threats and respond appropriately. Ideally, training procedures would be tailored to the organization’s needs and focus on common threats like phishing, business email compromise and mobile device security. Employees should also be familiar with your business’s cybersecurity policies and know how to report suspicious activity. It’s important that training isn’t simply limited to employee orientation but is done frequently and always covers the latest trends, threats and organizational changes.
- Retirement of end-of-life systems – The end-of-life date refers to the date at which a technology system or application will no longer be actively supported or patched for security issues by the system or hardware manufacturer. Cybercriminals often target applications and systems that have reached the end of their lifespan because they know security issues are no longer being addressed by the manufacturer. Businesses should ensure that they are using operating systems, applications and hardware that are supported – and have a plan for retiring unsupported systems.
- Incident response planning – A cyber incident response plan is a structured process organizations use to respond to cybersecurity incidents. These plans should include specific procedures for detecting, responding to and recovering from a cyberattack. The plan should also assign responsibilities to individuals in the organization and describe technical requirements for containing and removing threats as well as requirements for maintaining or restoring operations. Businesses can test their cyber incident response plans through tabletop exercises. A tabletop exercise is a simulation of a real-life cybersecurity event where members of an organization’s cyber-response team walk through a mock response to the incident. Tabletop exercises are meant to help organizations consider different risk scenarios and prepare for potential cyber threats.
The Role of Cyber Insurance
When cyberattacks occur, they can result in business disruptions, lost revenue and litigation. The coverage provided in standard general liability policies is not enough to protect a business from cyber exposures. As a result, cyber liability insurance has become an important consideration. Cyber liability insurance policies are designed to meet a company’s needs and can offer important benefits. Protections vary, but cyber liability insurance can offer:
- Data breach coverage
- Business interruption loss reimbursement
- Cyber extortion defense
- Forensic support
- Legal support
Despite the urgent need for cyber insurance, many businesses still have not committed to a standalone cyber liability insurance policy. According to Nationwide’s Agency Forward survey data, only 28% of small businesses reported having dedicated cyber coverage, while nearly 30% of middle market businesses still don’t have proper coverage.