Protect Your Company Against Cybercrime and Advanced Persistent Threats
Now more than ever, businesses need to build defenses against cyber-attacks.
You could say that cyber theft is the crime that keeps on giving — for thieves. It’s also the crime that keeps on taking — from businesses and their clients.
For business owners, it’s not a matter of if they will get hit by cyber thieves, but when. Statistics say companies are woefully unprepared for a cyber-attack so the next question is how devastating it will be.
The Dark Web
Cybercrime is just too profitable to pass up for the law breaking elements around the world. They operate within the realm of the “Dark Web,” an ominous but inviting collection of websites that conceal the IP addresses of the servers that run them.
Information and data obtained illegally from businesses in cyber thefts are traded in vast, online exchanges found in the Dark Web that mask the identities of buyers and sellers. It’s the place where crime pays and pays well in quantity. The rise in practitioners and the amount of available data has driven the price for sensitive information down which has lowered the cost of entry to the every-day hacker.
According to Dark Web Price Index 2021, a Social Security number goes for $1. Medical records start at $50. Depending on the account type and the balance, online bank account information goes for as little as $165. Even spammers are making deals, with the entire US Voters database fetching $100. Access to a validated crypto currency account is only $300.
Developing commercial high quality, fast malware is worth $5,000 and malware for mobile technology is $150. Credit card details from account balance up to $5,000 earns $240 and an Instagram account with 1000 contacts is worth $5.
A distributed denial of service (DDOS), in which an attempt is made to render an online service unavailable by overwhelming it with traffic from multiple sources (10,000-15,000 requests per second), only costs $15 per hour. Banks or news websites are often targeted with DDOS attacks as a means of preventing people from publishing and accessing important information.
Prime Targets for Cybercrime
Cyber-attacks against small businesses are rampant. Research indicates that 62% of small businesses have been hit by cyberattacks.
Small businesses are often victims of the proliferation of cheap or free hacking tools that are easy to obtain and extremely effective. Advanced attacks often go undetected for days before being discovered.
The results are jaw-dropping. Cyberattacks cost businesses of all sizes $200,000 on average. Sixty percent go out of business within six months of being victimized. A 2020 report stated that 43% of small businesses paid $10,000 to $50,000 to ransomware attackers.
And in 2021 we continue to see small businesses suffering from the Covod-19 crisis deprioritizing the need to invest in cybersecurity.
Mitigating Cyber Risk
Business owners and company executives are realizing the reality of the risk and insuring their companies against the threat of cyber crimes, which is no different than purchasing property insurance.
Yet many business owners and merchants don’t know what to look for in buying policies for cyber insurance. An insurance company may try and exclude malware, for example. Another may try to exclude patents and trade secrets, prime targets for cyber thieves.
If you don’t know what to look for, Sera-Brynn can help. Insurance companies are asking experts like us to help craft policy language and we can help business owners determine specific coverage and ensure the policy meets company’s needs. Writing your own policy is often the best way to ensure coverage.
But remember, cyber insurance won’t be your savior. As Ben Franklin said when discussing fire insurance, “An ounce of prevention is worth a pound of cure.” It takes aggressive prevention and security measures to protect your company from cyber thieves. Sera-Brynn has developed an Endpoint Detection and Reporting (EDR) capability that we call CHECKLIGHT®. It, like a house alarm system, provides constant monitoring of your computers to identify and alert you to threats that have bypassed your other defenses. The EDR enables you to take timely action to prevent malware from taking over your critical business information systems.
Even with insurance and an EDR like CHECKLIGHT in place, it is important to develop a plan of response for a crisis management event that occurs when a breach is suspected. Most company executives have not developed an Incident Response Plan to guide them thru a crisis when it occurs, and it will. Who do you call? Do you know if you are compliant to industry standards? What critical information do you have? What do you need to immediately preserve? Who do you have to report the breach to? All critical questions that will drive the cost and duration of recovering from the breach.
There are many things to consider and include in the plan, like when to call in a legal team, the cyber forensics firm, notify vendors, customers and others and even public relations. Success is measured in hours, not weeks.
If you do not know where to start, we can help. We believe knowledge is the first step to cybersecurity, so we strive to share what is happening in the industry and what is important for companies to know. We have a virtual library of our past webinars online, and welcome the opportunity to present cybersecurity topics in person to businesses and organizations.
For information on our services or about CHECKLIGHT, please contact Sera-Brynn by phone at 757-243-1257, or by email at firstname.lastname@example.org.