ransomware-surges

Cyber crime is on the rise. In the U.S. alone, McDonalds, Colonial Pipeline, SolarWinds, and JBS Foods were all recently forced to pay millions due to ransomware attacks that compromised their data. Former Cisco Systems CEO John Chambers predicts an onslaught of up to 100,000 ransomware attacks this year alone, which could cost organizations an average of $170,000 USD each. 

The absence of cyber security standards contributes to the problem. Almost all organizations invest in security procedures to protect their physical property from intruders. However, the threats to digital property are just as real, with fewer organizations developing adequate protocols to safeguard these assets. It’s not hard to understand why. Cyber security technology is complex and ever-evolving, and so are the threats. Keeping up with these changes is not easy or cheap. 

Voluntary Standards Are Not Enough

Despite the growing wave of cyber attacks, the U.S. requires very few of the sixteen most vital industry sectors to meet minimum cyber security requirements. With threats increasing, 86% of the Cybersecurity 202 Network—a panel of more than 100 cybersecurity experts—said that the government should require organizations in “critical industry sectors” to meet minimum cyber security standards, according to a recent survey from the Washington Post

While officials in the past considered voluntary standards good enough, that attitude is quickly changing. The U.S. government may soon require organizations considered critical to the nation’s interest to follow a defined set of cyber security standards. According to CNBC, a recent memo from the White House warned businesses that “the threats are serious and they are increasing.” The memo highlighted a number of best practices organizations can take to protect themselves from ransomware, including backing up data, systems images, and configurations, as well as regular testing and network segmentation. 

“If a company has done proper segmentation, every time the bad guys try to cross a segment you get the opportunity to detect them before they can trigger the malware,” Michael Daniel, president and CEO of the Cyber Threat Alliance, told CNBC. “By employing this practice you make yourself more resilient against having a successful ransomware attack launched against you, and if you do have one you’re usually able to mitigate the damage and recover much more quickly. This is what gives companies a lot more options than believing they have to pay the ransomware.”

A Problem Organizations Must Manage

Because a lack of universal cyber security standards is precisely what criminals are taking advantage of, it’s vital that governments and organizations develop them soon. In the meantime, organizations must grapple with cyber crime on their own. Those with mature cyber security strategies look at it as a threat they must manage rather than a problem to solve after it happens.

“For some risk you employ technology, for some you buy insurance,” Daniel told CNBC. “The point is that a company is actively managing the risk, not just hoping that something bad doesn’t happen to them.”

Among the steps organizations can take to manage cyber security risks are developing a strategy and ensuring employees are properly trained on how to deal with potential threats. 

Cyber Security Considerations for an Effective Cyber Strategy Within Your Workforce

Ideal for technical professionals across all industries who support their company’s IT departments and require up-to-date information on how to protect enterprise networks from potential threats, Cyber Security Tools for Today’s Environment is an 11-course program designed to help businesses improve their security techniques.

Contact an IEEE Account Specialist today to get access to the course program for your organization.

Interested in learning about getting access to the course program for yourself? Visit the IEEE Learning Network to learn more.

Resources

Hum, Thomas. (14 June 2021). Over 65,000 ransomware attacks expected in 2021: former Cisco CEO. Yahoo!finance

Caminiti, Susan. (11 June 2021). Cyber standards are key in battling ransomware attacks. CNBC.

Marks, Joseph. (11 June 2021). The Cybersecurity 202: Our expert network says it’s time for more cybersecurity regulations. Washington Post.

While large-scale corporations likely have provisions in place for cyber threats, many smaller enterprises simply believe they’re too small to face cyber attacks, leaving them extremely vulnerable.

Under-investment in skills development coupled with a massive spike in outsourcing for more than a decade has left the industry with a growing shortage of skilled cyber security specialists. There’s now escalating demand for cyber security skills and a shrinking pool of resources – a shrinking pool that is able to demand ever higher rates, making essential cyber security unaffordable for all but the largest and most successful companies.

But before you forego cyber security for your company, consider the alternative.

Devastating Consequences

The consequences of a cyber attack, particularly for a small and medium-sized enterprises (SMEs), can be devastating. Loss of revenue is the primary cause of irreversible damage, from the theft of sensitive financial information and loss of suppliers. Subsequently, the costs for recovering and reinstating business could be huge, particularly with the loss of suppliers.

Company reputation is also impacted by a cyber attack. If consumers and suppliers believe cyber security is not a priority, they’ll look elsewhere for services.

And when you consider the potential fines involved, breaches to sensitive consumer information can lead to insolvency procedures for SMEs.

Proper Provisions

Putting the proper provisions in place will help ensure preparedness in the face of a cyber attack. For starters:

  • A backup procedure will speed up recovery. If company files are encrypted, it’s easier to restore and get back up and running.
  • Updating systems regularly is key to minimizing vulnerabilities in the company’s network. Make sure all computers run on the latest installation process and communicate the necessity for doing so, particularly to staff who ignore update notifications.
  • Employee training on cyber security is essential. Accidental clicks on harmful emails are primary entry points for hackers, so staff must be trained in identifying phishing emails.
SMEs cyber security system update cyber threats to small enterprise

Ultimately, as breaches become the new norm, a strong cyber security policy will aid in a long and successful future for any size company.

Where to Start with Your Enterprise Security

Get the cyber security training your organization needs now to stay secure. IEEE’s Cyber Security Tools for Today’s Environment is an 11-course cyber security training program designed to help businesses improve security techniques. Register today to get this for your company, or explore our other courses on the subject here.

Resources

Kennedy, J. (1 Mar 2018). Cybersecurity skills shortage. CSO

Wall, E. (1 Mar 2018). Cyber security threats and provisions for SMEs. IT Pro Portal