Cybercrime is worse now than it ever has been. CSO Online recently released the top five cybersecurity facts, figures, and statistics for 2017. This is what they found:
- Cybercrime damage costs to hit $6 trillion annually by 2021. “This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined,” writes Steve Morgan with CSO.
- Cybersecurity spending to exceed $1 trillion from 2017 to 2021. That’s a lot of money spent trying to protect the world’s digital assets.
- Cybercrime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021. Not only that, but everybody who works in IT is going to be partly responsible for contributing to cybersecurity.
- Human attack surface to reach 6 billion people by 2022. By 2030, that figure is expected to be 90 percent of the projected world population, 6 years of age and older, who will be “connected” at that time.
- Global ransomware damage costs are predicted to exceed $5 billion in 2017. “Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019,” writes Morgan.
Despite all of this, SolarWinds MSP has released security survey findings showing that 87 percent of businesses are confident in cybersecurity preparedness, even though 71 percent of them had at least one breach in the last year and haven’t changed anything since. These are businesses that are handling your data as a consumer, with the same attitude that made the 2017 Equifax attack possible. They may also be the same businesses that you yourself are running.
Whatever the case, with numbers like those seen above, it’s hard to deny that cybercrime is serious. The stark reality is that more people will fall victim to a cyber attack in 2018 than ever have before, and many will simply because they don’t expect to. This is because the best, and really the only, way to protect against these attacks is to invest in prevention. Here’s how to do that, as well as what to do if you get hacked in 2018.
How to Prevent Cyberattacks
For those who are business owners themselves, Record Nations recommends that prevention of data breaches and identity theft begins with creating a document management plan, and includes implementing electronic document management systems. Their entire plan, from prevention to recovery, can be seen here. The document management components are effectively presented and include:
- Conducting a complete inventory of all currently-existing records.
- Designating a single employee or manager with responsibility for the record management process.
- Developing a record retention and destruction schedule—typically with varying retention guidelines by state.
- Evaluating and determining the best method(s) for storing and managing records.
- Creating, documenting, and establishing proper company procedures for record storage and disposal.
- Implementing your policy, training employees, and ensuring constant communication throughout the company on any procedural changes.
- Creating a backup disaster recovery plan in the event of a breach or other emergency to immediately minimize damage.
- Maintaining, auditing, and optimizing prevention and recovery plans to maximize efficiency and effectiveness.
It’s particularly important to remember that an essential component of prevention is educating employees. This is where non-business owners can tune in: cybersecurity education isn’t just something that employees of businesses need to learn; it’s something the average person absolutely needs to be aware of. Brush up on your cybersec knowledge, learn about scams and malware including phishing and ransomware, and become familiar with the systems we use to enhance our daily lives. Our attackers prey on ignorance; let’s not make it easy for them.
Adhering to Cloud Security Standards
In the unfortunate event that you do get hacked and a data breach occurs, there are certain instructions you have to follow in response. These are stipulated by security standards, which vary depending on which industry you’re in, but the basic message behind all of them is the same: companies that follow certain protocols before, during, and after a breach will minimize damage to customers and loss of data.
Security company eSignLive cites “adhering to cloud security standards” as one of the top ways to keep customer data safe in today’s digital world. This includes, but isn’t limited to, HIPAA, SOC 2, FedRAMP, and PCI-DSS compliance standards, so check on your specific industry’s standard post-breach protocol and adhere to it.
Disaster Response, and What to Do If (or When) You Suffer an Attack
Every company should have a disaster recovery and response plan, and that includes recovery and response against a cyber attack. These policies outline everything a company should do as soon as it recognizes an attack is taking place, what to do after the attack, and how to prevent downtime as a result. Taylor Litle, writing for the BigRentz blog, notes that constant testing and updating should be adhered to:
“Business should test out their policies after making them,” he writes. “They should never assume they will work. Be it mock run-throughs regularly, or a test once every few months, knowing that the system implemented works is imperative to ensure the business is kept above water rather than suffer from the unexpected.”
If your business doesn’t have a recovery or continuity plan, make sure that you get one for next time. The truth of the matter is, you are more likely to suffer a cyber attack than not. What separates winners from losers is knowing what to do once the crap hits the fan.
Fortunately, if companies and individuals both follow these steps to prevent and respond to cyber attacks, the number of incidents that malicious actors consider “successful” will decrease. The good news is that if you do get hacked in 2018, it’s not the end of the world, and there are ways to make it right. Prepare, prevent, and protect yourself — it’s your responsibility.