Cybersecurity has been around in various capacities for a few decades, but it was not a common practice until relatively recently. It was not until 2003 that the United States established the National Cybersecurity Division—the first official unit responsible for handling cybersecurity.
As technology continues to advance and become more accessible to everyday consumers around the globe, the volume of cybercrimes committed is growing exponentially. Furthermore, these cyberattacks are continuing to increase in complexity and are resulting in more severe damages. However, some companies are still lagging and are not implementing adequate measures to protect themselves, their employees, and their customers.
To help explain why companies need cybersecurity, we enlisted the help of Rick Tracy, the Chief Security Officer at Telos Corporation. Rick shared with us some of the main reasons companies need proactive cybersecurity operations in place and how businesses can best protect themselves against the continued growth of cyberattacks. Cyberattacks include ransomware, malware, phishing, denial-of-service, fraud, and more. Continue reading to discover some of the insightful Rick shared. And, be sure to listen to our podcast episode with Rick for a deeper dive and considerations to protect your company.
Over the past few years, the threat landscape has become bombarded with countless cyberattacks daily. According to the data and trends collected on cyberattacks, especially data from the past 12-18 months, these cyberattacks will continue to increase at exponential rates. Part of this is because cyberattacks are becoming more lucrative for cybercriminals since they are figuring out new ways to extort and collect money from massive corporations, small and medium-sized businesses, as well as everyday individuals.
Furthermore, the shift towards remote work due to the COVID-19 pandemic exponentially increased the number of cyberattacks. For reference, the first six months of 2020 saw more cyberattacks than the entire year of 2019. Therefore, companies are now tasked with keeping remote employees’ systems, devices, and networks safe now that they are not working out of a central and more secure location, such as a company office. Some actions companies are taking to combat cyberattacks include:
Commercial organizations run around 80% of the United States’ critical infrastructure. These commercial organizations are not mandated to have cybersecurity practices in place. Therefore, these companies can be easy targets for cybercriminals and make both the public and the government extremely vulnerable.One of the main reasons companies avoid cybersecurity comes down to money. Rick compares this to the government requiring car manufacturers to include seatbelts in all new cars in the 1960s and again in 2000 when anti-lock brakes in cars became obligatory. Not all car manufacturers wanted to produce these additional features because it cost them more money to make the vehicles. However, seat belts and anti-lock brakes are vital in keeping car patrons safe and are now the standard.
Rick states that this should also apply to cybersecurity. Companies may not want to implement cybersecurity practices because it’s another expense, but in order to keep people and companies safe, cybersecurity needs to be implemented and should not be optional.Moreover, it is beneficial for governments to mandate cybersecurity measures because it will help keep their information, citizens, and country protected from cyberattacks. For example, during the past year in the United States, several cyberattacks against companies have impacted millions of Americans. These include the Colonial Pipeline and SolarWinds attacks. Furthermore, the U.S. government has also been the victim of numerous attacks, including several hacks that are believed to be the work of Russian hackers.
Cyber insurance is an excellent way for companies to help protect themselves if they are victims of a cyberattack. Cyber insurance not only aids businesses in complying with state and federal regulations when they experience an attack, but they also help cover the resulting fees and expenses.Cyber insurance companies are starting to require that clients follow a list of requirements to help protect themselves from attacks. This is because the volume of cyberattacks is increasing dramatically, along with the number of people impacted, the amount of money lost in each attack, and the complexity. If a company fails to comply with the best practices, the cyber insurance company will likely refuse to take the business on as a client.These best practices created by cyber insurance companies are also helping set a new gold standard, or at the very least, a minimum of how companies should be proactively protecting themselves online. Prior, companies had little to no official recommendations or instructions on the basics of cybersecurity to use for guidelines.
Cybersecurity is a field that is continually evolving and adapting due to the nature of technology and those who are looking to abuse it. Companies need to understand that cybersecurity is no longer an option if they want to keep their company, employees, and the public safe. As cyberattacks continue to grow in volume, the vitality of having proper cyber hygiene in place will also continue to escalate. If you are interested in more content in the realm of technology and the industry at large, be sure to check out our other QSights podcasts.