Small to medium-sized businesses (SMBs) saw a 424 percent increase in cyberattacks in 2021, with the average cost of a successful attack surpassing $200,000 per incident; therefore, it’s crucial to keep cybersecurity top of mind in 2022.
According to the National Cyber Security Alliance, 47 percent of all SMBs were hit by a successful cyberattack, and of that number, 60 percent never recovered. This means 28 percent of all SMBs in the U.S. were forced out of business because of a cyberattack in 2021.
Everyone felt the effects
2021 was a record-breaking year for cybercrime, especially ransomware attacks. Forbes estimates that cybercrime cost global economies over $6 trillion in 2021. To put that into perspective, that’s more than twice the amount the U.S. government spent on the response to COVID-19 in 2021 (usaspending.gov). Cybercrime affects everyone, from large corporations to small organizations.
Last year, not only were large enterprises impacted, but the public became especially aware of the consequences of security vulnerabilities, with school closings, gasoline shortages, interruptions to the meat supply, attacks on hospitals, and even police departments held for ransom.
Everyone’s focus should be on cybersecurity this year
Often, a vulnerability can arise due to a simple lapse in vigilance. What may seem trivial could actually turn into a catastrophe. According to a study from the University of Maryland, hackers probe computers connected to the internet 2,244 times per day, simply looking for any possible way past security. So, it’s crucial to stay ahead of these threats.
Pay attention to the cybersecurity basics:
- Use multiple layers of security. Make sure you have a knowledgeable team of professionals in place to implement and monitor these solutions.
- Back up your systems often and verify the data is recoverable in the event of ransomware, a successful attack, disaster, or other loss.
- Keep your infrastructure updated and patched to help eliminate the threat of vulnerabilities being exploited by hackers.
- Take advantage of encryption to keep sensitive data safe.
- Regularly train employees on security best practices. Employees and human error continue to be the biggest source of all data breaches, so everyone must be able to identify threats and respond appropriately.
Protect your passwords
According to IBM and the Ponemon Institute, 44 percent of all data breaches occur because of stolen credentials such as username/email and password. Often the credentials are obtained through phishing, so it’s vital to train employees how to spot a phishing attempt.
There are several other ways to combat credential theft, including:
- Always use two-factor authentication. Often the only way to combat a breach if credentials are stolen is by using two-factor authentication. The most infamous attack of 2021 against the Colonial Pipeline, which caused a gasoline shortage and cost millions of dollars, could have been prevented if their network had required two-factor authentication.
- Require a strong password and use a password manager. Use a unique, strong password for every site. To make remembering passwords easier, use a secure password manager and never store passwords in a browser.
- Consider moving to passwordless authentication such as biometrics or FIDO2 keys.
- Limit access to sensitive data. Only grant access to data (drives, files, folders, etc.) necessary for that specific employee. This will prevent a hacker from obtaining complete company-wide access if credentials are stolen.
Microsoft found there are 579 password attacks every second – that’s 40 times more than a hummingbird flaps its wings! Passwords tend to be the weakest link in any cybersecurity solution, so consult with your IT team to ensure you use all available methods to keep credentials safe.
Shift to zero-trust security
Perhaps the most significant security trend continuing in 2022 is the push toward a zero-trust methodology. Zero-trust security is a shift in thinking from the older “trust, but verify” model to a new assumption that nothing is secure and a breach is inevitable or has already occurred. Because zero-trust assumes there has already been a breach, this model has the unique ability to mitigate the effects of zero-day threats.
As the traditional office becomes more hybrid or full-time remote, employees are using more mobile and personal devices. As “bring your own device” (BYOD) becomes more normalized, organizations can no longer rely on a specific device or location to grant access, which increases the possibility of a successful cyberattack.
This move to more remote and hybrid work, along with vulnerabilities exposed in 2021, further validates the need to shift cybersecurity thinking. These vulnerabilities were found to be part of trusted software and opened up millions of devices to a potential breach. The zero-trust security model seeks to combat the negative security trends of 2021 by isolating all applications and devices and encrypting all data.
Consider upgrading to Windows 11
Built with zero-trust security in mind, Windows 11 was released on October 5, 2021. With security being the most significant upgrade to the world’s most widely used operating system, Windows 11 is well worth the upgrade in 2022.
We recommend that all organizations start working with their IT department to upgrade all appropriate devices to Windows 11. However, it’s important to keep in mind that the upgrade may mean investing in a new computer. The latest version of Windows requires a TPM 2.0 chip as its security foundation, and older machines may not have one. For more information on Windows 11, including our assessment of the new operating system, check out our Windows 11 Review.
Make sure you have the right team
A well-qualified IT team complete with cybersecurity specialists is needed more than ever to help put all the tools and processes in place to keep your organization safe as you move into the new year. A well-rounded IT department is crucial for every organization to help stop the growing number of successful cyberattacks, data breaches, hacks, and other vulnerabilities from being exploited.
Discover how a team complete with IT and cybersecurity experts from tca SynerTech can be affordable for every business, regardless of size. tca SynerTech offers an entire IT Department available to even small organizations for less than the cost of a single minimum wage employee. We provide solutions from tech support to enterprise-grade cybersecurity, and as your IT department, the service and savings provided by tca SynerTech will scale as your organization grows.
With tca SynerTech on your side, you can rest assured we will stay on top of potential emerging threats and help protect your IT systems before there is a major issue. Contact tca SynerTech today to learn more about how to protect your organization from cyber threats in 2022.