October, National Cybersecurity Awareness Month, is quickly coming to an end, but concerns over malicious (and often costly) cyberthreats certainly are not. A 2021 press release issued jointly by McAfee Enterprise and FireEye stated that cyberthreats have increased by 81% since the global pandemic. Now more than ever, public and private sector organizations, including government agencies, schools, utilities, hospitals, and businesses, are common targets for cybercriminals.
Sound surprising? It shouldn’t. According to one GovTech article, data breach numbers, costs, and impacts all rose in 2021. The following information from the Identity Theft Resource Center (September 2021) provides evidence of this alarming trend.
- The number of data breaches publicly reported in the U.S. decreased by 9% in Q3 2021 (446 breaches) compared to Q2 2021 (491 breaches). However, the number of data breaches through September 30, 2021, exceeded the total number of events in all of 2020 by 17% (1,291 vs. 1,108).
- For Q3 2021, the number of data compromise victims (160 million) was higher than in Q1 and Q2 2021 combined (121 million). The dramatic rise in victims is primarily due to a series of unsecured cloud databases, not data breaches.
- The total number of cyberattack-related data compromises as of September 2021 was up 27% compared to FY 2020. Phishing and ransomware continued to be, far and away, the primary attack vectors.
Additionally, according to a 2021 report from IBM and the Ponemon Institute, the average cost of a data breach among companies surveyed reached $4.24 million per incident in 2021, the highest in 17 years. Among the contributing factors were:
- Remote workers
- Significant breaches in major industries, chiefly healthcare at $9.23 million per incident
- Compromised credentials/compromised data
While modern approaches to mitigating risk have reduced the cost of recent breaches, the number of cybercrime cases is steadily rising. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported a whopping 62% yearly increase in cybercrime cases between February 2021 and February 2022.
Hackers, scammers, hacktivists, and other cybercriminals are constantly looking for ways to get inside your organization and steal one of its precious assets — its data. Besides the basics of using antivirus/antispyware software, keeping operating systems and apps up to date, adopting a formal internet/email policy, and training employees in basic cybersecurity principles, make cybersecurity a key part of your organization’s continuity of operations or emergency operations plan (COOP/EOP).
Don’t just put your cybersecurity plan in writing; put it to the test. Consider adding a cyber scenario to your next COOP/EOP exercise. It’s a simple and inexpensive way to assess (and improve) your organization’s cybersecurity preparedness and, ultimately, its resilience.
BOLDplanning, a division of Agility Recovery, provides expert consultative services and leading-edge software for developing, maintaining, and exercising continuity, emergency, and hazard mitigation plans. The company also recently announced a new partnership with Risk Solutions International LLC (RSI) for information technology/disaster recovery (ITDR) planning capabilities.