Small and medium businesses (SMBs) are facing a reckoning now. Insurance companies are forcing many to get proper security measures in place, or they risk not being insured. But how did it come to this? Over the years, cybersecurity insurance has paid out billions in claims from malware and other attacks bringing businesses to their knees. As these attacks became more frequent and more targeted, it became costlier and more likely that insurance companies would have to pay out claims because companies were, and always will be, vulnerable to attack. Insurance companies have introduced a few new tools to lower their risk of paying out on losses due to cybersecurity incidents. And some of these tools have affected how the industry couples cybersecurity and insurance.
Credential Stuffing was our topic last week. If you missed it, here is the link. We discussed what it is, the steps hackers take, and how likely you are to be a victim. Other than not reusing passwords, we did not cover how to prevent falling victim to one of the most common attacks. Let’s look at how to stay safe from a credential stuffing attack.
We often discuss the proactive approach you should take when it comes to cybersecurity. Ongoing training will help strengthen the human risk factor, and sending fake “phishing” emails will keep your organization engaged. However, the fact is, you can’t eliminate all the risks when it comes to experiencing a data breach. That means that having an incident response plan (IR) should be on your list of “must-haves” when it comes to intelligent cybersecurity.
This past week, Howard University had to cancel classes due to “unusual activity on the University’s network.” As a result, their Enterprise Technology Services (ETS) team shut down the school’s classes for the day to investigate the situation, which they identified as a ransomware attack. This ransomware attack brought to light the consideration of how deep and wide the net can be cast on any one entity. An incident like this forces us to pause and consider the range of data that could be compromised. A university or college is like a mini-city.
2020 was an intense year. 2020 put Cybersecurity tactics to the ultimate test. We had to change so many fundaments in the way we lived and worked that put our lives and offices in such volatile situations that tested our resilience in every way possible. This volatility fueled a boom of cybercrimes, and we witnessed record-breaking ransomware and phishing attacks. These attacks did not discriminate. They were prevalent in every single industry, including those who were not accustomed to receiving these attacks. Through our partner, ID Agent, we are spotlighting the top five cybersecurity trends of 2020 and their impact on today.
With the fact that 158 accounts are hacked every second on average, businesses need to be versed in what to do when you receive the alert that your or employee's credentials have been compromised. It is an unfortunate reality that once exposed on the Dark Web, your information cannot ever be completely removed or hidden. You cannot file a complaint or contact a support line to demand your data be removed. Your company should immediately start taking appropriate steps and measures to correct or minimize the risks and potential damages associated with this exposed data. We must identify, understand, and learn from past mistakes or failures, and adopt a more proactive and preventative approach to your business' cybersecurity strategies moving forward.