Cyber – the ever-evolving risk
Cyber-attacks increased by 38% in 2022 and the cost is predicted to hit US$10 trillion by 2025*. As the cyber landscape continually evolves at a rapid pace, it is no wonder that demand for Cyber insurance is increasing exponentially as well.
Where are the threats coming from?
Ransomware continues to be one of the top cyber threats. 71% of companies worldwide were affected by ransomware in 2022. According to Microsoft, 97% of all ransomware infections take less than 4 hours to successfully infiltrate their target, causing an average downtime of 22 days.
Supply chain attacks are also commonly used by cyber criminals. SME suppliers, third-party contractors or Managed Service Providers (MSPs) sometimes have weaker security controls and hence act as a gateway into the larger entity’s network. MSPs in particular are an attractive target because of the large volumes of data they hold, and their remote access can provide pathways into other companies’ networks and IT environments.
Social engineering and phishing scams have proved to be effective and easy for criminals to run at scale. As businesses increasingly rely on technology and criminals continually resort to more sophisticated techniques, this threat continues to grow.
Cloud vulnerability is also a big cyber security challenge. Providing protection can be harder as there is often a shared responsibility for Cloud security between provider and customer. A provider is responsible for securing the infrastructure, access, patching and configuration of the hosts and the network; the customer is responsible for managing user and access privileges, protecting cloud accounts and data and maintaining compliance.
Internet of Things (IoT) refers to physical devices embedded with software which can be controlled via internet infrastructure – e.g. CCTV cameras, smart TVs, and even coffee machines. Hackers attempt to gain access to the wider network through an IoT-connected device, as these devices often lack appropriate security measures and rely on cloud-based services, which sometimes means weaker protection.
What can your clients do to be more cyber secure?
Multi-Factor Authentication (MFA) is essential. This is a critical control that Delta recommends your clients adopt across all internet-facing parts of the business, including Office 365, employee remote access, customer portals and systems containing third-party and payment information.
Backups are an important ransomware protection control. We encourage clients to have offsite and offline backups that are MFA-protected, with regular testing of backups for corruption or failure.
Utilise endpoint protection with regular monitoring.
Software patches should be applied within a month of release.
Cyber awareness training, such as phishing simulations, and processes for reporting suspected attempts bring attention to the latest cyber threats.
And finally, a positive working culture and staff retention reduce the likelihood of insider threats and human error.
- *Source: Cybersecurity Ventures