David Aplin Group recently hosted an online webinar in partnership with Dentons LLP and Everbridge. The webinar, Crisis Management, IT Disruptions and Business Continuity: The Big Picture, was a panel discussion facilitated by Jeff Aplin, CEO at David Aplin Group. The webinar delivered cybersecurity insights from two thought leaders: Kelly Osaka, Litigation & Privacy Lawyer at Dentons LLP, and Prashant Darisi, General Manager & Vice President at Everbridge.
An alarming statistic that Darisi shared was that 69% of companies from 2018 to 2020 experienced a cyberattack and paid a ransom to regain access to their data. An additional 2% had to issue multiple payments, while 22% never regained access. The pandemic has resulted in a sharp increase in cyberattacks, and the sectors targeted the most during COVID-19 include:
- Government and Administration (always a prime target)
- Pharmaceutical and Health
- Logistics and Transportation
- Finance and Insurance
The Cyber Threat Landscape
The four most common types of cyberattacks companies face are:
- Denial-of-service (DoS) attacks
- Malware/ransomware attacks
- Password attacks
- Phishing attacks
The most common ransomware attack consists of a nefarious cyber actor stealing information in hopes of receiving payment to release your data back to you. Otherwise, they sell your data to third parties or use it to their competitive advantage. It’s important to note that malware or DoS attacks mean that the attackers have likely been inside your network for weeks or even months, monitoring your systems. Cyberattacks have become much more sophisticated, using machine learning and other techniques to avoid detection for more extended periods.
Statistics indicate that 47% of individuals working from home have fallen for a phishing scam. The cost to your business can be high. Darisi advised during the webinar that the average cost of downtime during a cyberattack is $8,600 per minute, and this does not include damages to brand and reputation or legal expenses and ransom payments. Here are some relevant factors of remote work that could potentially expose your business to cyber breaches.
At the beginning of quarantine, many employees relied on personal devices during the work-from-home transition. When employees are offsite using their own devices, accessing corporate data and information, the corporate level of cybersecurity does not exist. Personal laptops, phones or computers don’t have enterprise prevention and detection measures in place, putting the company’s data at risk. There is no guarantee of installed and updated antiviruses or properly encrypted Wi-Fi networks. Traditionally, home internet networks can be easier to hack.
Various technologies and tools enable collaboration and communication between teams, but they also blur the line between work and home. This puts pressure on employees to be available for IMs, video calls and emails at all times. Stressed and siloed employees are more likely to fall victim to a scam or cyberattack.
Reducing Cyber Risk Exposure
- Employee Awareness and Training. Keep your staff informed about the procedures in place for reporting phishing scams, best practices for email vigilance, and how to access company information safely. Consider providing cybersecurity training for all employees and incorporating it into your onboarding process.
- Company Equipment. Connect your employees using a VPN. Though not the only method of protection, VPNs (virtual private networks) act as barriers, helping to layer protection for internet users at home. Avoid allowing personal devices, if possible.
- Review your IT systems. Check your IT infrastructures for any vulnerabilities or weak spots and patch them up immediately. Continue to monitor and evaluate your systems regularly.
- Detection Software. Companies like Everbridge provide enterprise software applications designed to automate and accelerate response to critical events. Your goal with implementing software is to reduce your time to detect an attack.
There are many detection tools available, but the critical thing is to ensure all platforms and systems work together. A flexible integration ecosystem will allow you to handle the attack most efficiently. Nearing the end of the webinar, Darisi outlined the ideal procedure for handling cyber breaches, called the DRIFT process: Detect, Rally & Respond, Investigate, Fix and Test.
If your company hasn’t prioritized cybersecurity, the time to do so is now. The question is not if a cyberattack will happen to you, but when. Protect your business, maintain productivity, and implement policies to detect and prevent cyberattacks.
David Aplin Group is a private family and employee-owned Canadian staffing agency founded in Alberta in 1975, recognized as one of Canada's most accomplished recruiting firms. Our mission is to positively impact lives. Blog author, Jeff Mercer, is a Business Development Manager at David Aplin Group, based in Calgary, Alberta.