Cybercrime has become a major concern for businesses in 2021. But is it justified?
Cyber threats are cited as the second biggest concern among businesses this year, yielding only to the pandemic-related crisis. However, many smaller organizations are still unsure whether investing in online defenses is a practical decision.
In 2021, 86.2% of organizations were hit with at least one successful attack, according to CyberEdge Group’s 2021 Cyberthreat Defense Report. The Colonial Pipeline, JBS, SolarWinds, and Kaseya incidents were just a few among many that made headlines this year during the unprecedented stream of attacks. The overall number of data breaches will likely crown 2021 as the record year, with ransomware costs predicted to rise to $265 billion by 2031, as reported by Forbes.
As discussion grows around the importance of online security and the dangers posed by threat actors, CEOs are growing anxious. The latest PwC report suggests that 47% of businesses are concerned about cybercrime, up from 33% last year. This makes online dangers the second most prevalent worry, up from fourth position in 2020. Furthermore, for enterprises located in North America and Western Europe, it was cited as “the top threat.” As a result, cybercrime outpaces uncertain economic growth, policy changes, and even tax-related worries.
Such statistics perhaps have a lot to do with three main factors:
- Media exposure received by major cyberattacks this year
- Insufficient resources invested in online defenses (especially by SMEs)
- A new work model oriented towards remote operations
Ransomware as the major threat
It is not surprising that executives think that ransomware poses the most significant threat to their businesses. In 2022, 61% of UK CEOs expect ransomware attacks to surge, with 64% predicting an increase in cloud-related attacks. When it comes to ransomware trends, 2022 will be the year of the RaaS (ransomware-as-a-service) and double extortion models.
Despite a somewhat widespread belief that threat actors only target large businesses, this is usually not the case. Huge enterprises do offer a higher financial gain, but small businesses usually have fewer resources or incentives to invest in cybersecurity, which opens more opportunities to criminals.
“There are plenty of examples of small companies going out of business due to a ransomware attack — it’s just a matter of time before a larger company ends up dealing with something similar, particularly as regulatory bodies are applying more pressure,” Miles Tappin, the Vice President of ThreatConnect, told CyberNews.
Why are businesses still hesitant to invest in cybersecurity?
We all know that prevention is better than cure, so why then do small to medium-size businesses tend to neglect online defenses?
“Cost is the biggest issue; no matter what security managers say, the people who write the checks do not want to pay for security unless they are forced to. There are a lot of organizations where top management does not believe they are a target,” Guy Rosefelt, Security Chief Marketing Officer at Sangfor Technologies, shared with CyberNews.
The 2021 Vodafone research revealed that 1.3 million of the UK’s small and medium-sized enterprises could go out of business entirely due to a cyberattack.
It seems like building appropriate defenses is often a costly and long process. However, the best working solution is to educate employees on the subjects of ransomware, phishing, and malware. Last year, there was a surge in ransomware and data exfiltration incidents linked to workers. The importance of educating your workforce and establishing safe working practices cannot be overstated and will be a great cybersecurity investment for a company of any size.
“They [employers] should explain how to avoid common mistakes (e.g. clicking links in suspicious emails) and empower their employees to feel confident online. In addition, it would be beneficial for organizations to outline clear processes that staff should follow if they want to report any risks or suspicious behavior. The sooner things are detected or reported - the sooner security teams can take the appropriate actions to limit damage or prevent it from happening again,” Tappin shared.