Cyber security threats explode – New Jersey business magazine
The COVID-19 pandemic has brought about many changes in the workplace, including challenges related to cybersecurity.
By Jennifer Lesser, Contributing Writer on July 2, 2021
From Zoom meetings and remote staffing to socially distant corporate events and conferences, this past year has been like no other for New Jersey business owners. While the COVID-19 pandemic has forced many employers to turn to virtual options to continue their businesses, there has also been a significant increase in cybersecurity concerns.
“Just over a year after the start of this unprecedented pandemic, cyber risk – over 90% of which can be attributed to email phishing attacks – has never been greater,” says Dave Wreski, CEO of Guardian Digital, Inc. He notes that there has been a 600% increase in phishing attacks due to COVID-19, and users are now three times more likely to click on a malicious link embedded in a phishing email (and ultimately disclosing their account credentials) than they were before COVID.
“Identity theft due to phishing can have a devastating impact on a business and its customers, often resulting in takeovers, exposure of sensitive data and serious damage to reputation,” Wreski adds, noting that the program Guardian Digital’s EnGarde Cloud Email Security identified and quarantined more phishing emails in 2020 than in any other year since the company was founded in 1999.
Rashaad Bajwa, CEO of Domain Technology Partners, agrees that having a large portion of your staff operate remotely and access confidential company files through personal computers and cellphones can often be a recipe for disaster. He notes that he has seen ransomware gang activity continue to accelerate over the past year. This is mainly due to the challenges of properly securing employees working from home, as well as the very high prices of Bitcoin, which have made ransomware bigger and more lucrative than ever.
“When everyone is working from home, there are more distractions and less protections to prevent users from clicking on malicious links. Rather than upgrading their networks to secure remote workers, many offices have simply lowered barriers and opened up access to remote users, ”he explains. “Unfortunately, remote users weren’t always employees, but malicious actors looking for vulnerable networks.
One of the biggest cybersecurity threats to a business remains ransomware, which has become a top priority among government agencies – like the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Homeland Security – due to the significant impact that attacks continue to have on organizations around the world. According to Wreski, a successful ransomware attack often results in costly downtime, lost data and files, and severely damaged customer trust.
“Small and medium-sized businesses are a particularly popular target among ransomware operators, who recognize that these companies often lack the cybersecurity resources and expertise to fend off an attack,” he adds. Wreski notes that only 29% of these companies have experience with ransomware, which makes them more likely to be unprepared for the threat, while 60% of companies affected by ransomware are forced to close their doors in six months after the attack.
“CEOs must continually ask themselves if their business could survive a cyber attack and understand what the reputational damage and impact on revenue could be,” said John Gomez, CEO of Sensato.
In May, a cybercriminal gang managed to take a major US pipeline, which carries some 2.5 million barrels a day, offline. This represented 45% of the East Coast’s supply of diesel, gasoline and jet fuel. This incident with Colonial Pipeline is considered one of the largest attacks in history against critical national infrastructure. “The pipeline attack we just saw is just one example of the impact these types of cyber attacks can have,” says Gomez.
Unfortunately, many businesses, especially small and medium-sized businesses, continue to face other significant and growing cybersecurity challenges. Wreski explains that they often lack the IT resources and cybersecurity expertise needed to tackle today’s advanced cyber threats, such as targeted spear phishing and, of course, ransomware. In addition, the increase in the number of remote workers has created many more terminals – such as laptops and cell phones – than ever before, many of which lack adequate security defenses, have not been upgraded. day or are connected to unsecured networks, “he adds.
The COVID-19 pandemic has also created unique opportunities for hackers to access secure corporate information. “Now there are all these apps that appear that people think are trustworthy because they appear to be from the government, hospital, or some other health care provider, like some kind of checker or tracker. COVID symptoms, but it actually turns out to be malware, ”Gomez says. “It has become a great way for hackers to spy on your employees and gain access to your company’s corporate environment. “
So what should businesses do to protect themselves from cyber attacks? For starters, Bajwa recommends that all remote work solutions be secured with a virtual private network or multi-factor authentication (MFA), or both, ideally. While multi-factor authentication to log into work systems used to cost up to tens of thousands of dollars to implement, there are now low cost or even free MFA tokens available through Microsoft or Google Authenticator to enable businesses to access that extra layer of protection. against a cyberattack.
“With daily reports of stolen passwords on websites all over the world, it’s not about whether your credentials will be stolen, but when,” says Bajwa. “Multi-factor authentication ensures that even with a stolen password, attackers cannot access your network unless they also have physical access and log into your mobile phone. These additional layers of security are increasingly becoming the only relatively secure way to provide remote access without requesting a security incident. “
Gomez warns that many companies still fail to recognize the reality of cyber attacks and the level of sophistication that hackers often have. “A lot of people still think that a cyber attacker or hacker is a dropout who lives in their parents’ basement and has nothing else to do, but unfortunately this image was the reality there is. 10 or 15 years, ”he says. “Today’s hackers have attended renowned universities and have graduate degrees, and they partner with criminal organizations offering them everything from salaries and bonuses to benefits and vacations. “
To this end, Bajwa also advises business owners to regularly check their backup solutions, invest in cybersecurity insurance, and follow the least privilege rule so that users have only the minimum permissions necessary to perform their work. And, of course, it’s always a good idea for businesses to have a third party review their cybersecurity defenses.
“If you give everyone the keys to the castle, they can do a lot more damage than if they only had access to their local resource sandbox,” he says. It is also important for business owners to take the time to educate their employees on how to prevent cyber attacks and to ensure that their staff know how to identify something that does not seem right or that could lead to an attack. compromise.
“The financial and reputational cost of ignoring your cyber risk these days can pose an existential risk to your business,” Bajwa concludes. “When it comes to cybersecurity, ignorance is certainly not happiness.”
To access more business news, visit NJB News Now.