Worried about how secure your business is? You should be. Cybercrime has increased by 600% since the COVID-19 pandemic. Cybercrime includes a wide range of illegal activities conducted via digital devices, computers, or computer networks, such as ransomware, phishing, other social engineering attacks, and identity theft and fraud.
There are millions of types of ransomware, malware that is designed to encrypt data on a computer; it can only be released by paying a “ransom” to the cybercriminal. Phishing occurs when misleading emails or text messages incite Internet users to reveal personal information, download malicious software or access malicious websites. Identity fraud includes compromising and accessing a user’s online accounts to use his or her identity, while fraud can be conducted by using stolen identification to steal funds.
Malware and web-based cyberattacks are the most expensive types of cybercrime, and companies spend an average of $2.4 million to defend them. One-third of businesses that were attacked by malware took at least a week to access their data. Yet half of information security professionals admit that their businesses are ill-prepared to resist a ransomware attack: Three of four companies that have been infected with ransomware had up-to-date endpoint protection.
The difficulty in protecting companies from ransomware results in costs of more than $75 billion per year; the average business will lose $8,500 per hour when undergoing downtime caused by ransomware and a total of $133,000. Nine in ten IT professionals had businesses that had been attacked by ransomware in the last year.
Phishing is another growing concern for businesses. More than half of IT decision-makers identify phishing attacks as their leading security threat, with CEO fraud having grown to a scam that costs businesses $12 billion.
While cybercriminals target companies and individuals, companies are more at risk because they may be better targets for financial gain. While any size business can become a victim, smaller businesses may be more vulnerable because their staff might not be as tech-savvy as larger companies.
Their records, including their employee records, contain valuable data such as personal information that may be an easy target. Their employees may be susceptible to spear-phishing techniques, where hackers pretend to be someone in authority, such as the company’s IT staff person, who asks for credentials to access the internal network. The accompanying resource describes more about how companies can protect themselves.