Before 2020, many companies took a cybersecurity posture equivalent to buying a car with great brakes, headlights and wiper blades, but no seatbelts or airbags. Most small businesses were focused almost exclusively on preventing cyberattacks. Antivirus and anti-malware programs blocked dangerous software from being executed. Password policies ensured that old, hacked passwords weren’t used on the network. Multi-factor authentication prevented your data from being encrypted or wiped due to a single stolen password. Employees were trained on how to spot and report suspicious emails or texts.
2020 Changes Everything
When the pandemic hit, many of those protective policies went out the window. Tens of millions of people went from working in their offices to working remotely. In most cases, technology staff had less than a week to prepare for this mass migration, and policies weren’t in place to support the vast majority of these remote workers.
Soon everything was different. Meetings were suddenly being held over FaceTime and unencrypted Zoom sessions (a US House committee meeting was Zoom-bombed). Sensitive financial information was being discussed over email out of necessity. Some employees were doing business on their home computers, with their personal emails, for the same reason. Businesses were in a world where brakes and headlights didn’t work so well anymore, and it would have been a great time to have a seatbelt.
It didn’t take cybercriminals long to figure out the opportunity in front of them. The increase in phishing and ransomware attacks in mid-2020 was so large that it was nearly impossible to measure. One company estimated a 715% increase and another estimated an 800% increase. One company that surveyed US-based companies with 250 or more employees found that more than half of them had been successfully attacked with ransomware in 2020. The numbers may not have been that bad for smaller companies, but they were very bad.
An Expanded Security Posture Becomes a Necessity in 2021
It’s been nearly a year since the pandemic-fueled race to remote work, and better technology and policies are now in place. The growth rate of ransomware attacks has slowed, and the amount of money demanded to restore files is down from its peak. These positive data points can’t change one important figure, however: every 11 seconds, another company is still falling victim to a ransomware attack.
Working to prevent cyberattacks is still important – but it’s not enough anymore. For companies lucky enough to stay in business year after year, a ransomware attack is no longer an unfortunate instance of bad luck – it’s an inevitability.
For many small and mid-size companies, 2021 will be the first year in which it makes sense to have robust policies, processes and software in place to detect successful attacks and stop them before attackers have time to expand their reach across the entire network. This will minimize the amount of damage attackers can do even if they do gain access to the network. It will also prevent them from lurking in your network undetected for months, waiting for the perfect opportunity to insert themselves into a financial transaction.
This will soon become more than a matter of self-preservation. A growing number of companies will require vendors to have cyber insurance in place to avoid damages from theft of their financial information on a vendor’s network. And the insurance companies providing that cyber insurance will require policies to be in place before issuing it.
For some industries, these new requirements are already here. For others, there may be a few years yet before they’re a prerequisite. But 2020 showed us that they’re coming for everyone sooner or later – and when it comes to customer trust and confidence, nobody wants to be the laggard among their competitors.
To learn how WingSwept can help your company defend itself against phishing, ransomware and cyberattacks, call us at 919-460-7011 or email us at Team_WingSwept@WingSwept.com.