Cyber attacks – understand the risks.

Most business owners are aware that cybersecurity threats pose a significant risk, but many businesses remain vulnerable to cyber-attacks. We have pulled together some statistics to increase understanding of the current cyber threat environment, why it matters, and what you can do to stay safe.

Did you know?

  • The vast majority (86%) of cyber-attacks are for financial gain
  • Ransomware accounts for 27% of breaches
  • Phishing and credential theft make up 59% of breaches
  • Configuration errors are on the rise and comprise 22% of breaches
  • Hacking remains the #1 tactic that is used in 45% of all breaches

According to the 2020 Verizon Data Breach Investigations Report (VDBIR), the vast majority (86%) of cyberattacks are for financial gain, and ransomware accounts for 27% of breaches. There is a related and disturbing trend of hackers accessing secure information and threatening to upload it to the Dark Web if the business does not pay a ransom. These attacks are extremely costly, and all businesses are potential targets.

Phishing and credential theft make up 59% of breaches. This is why employee training is vital to the prevention of cyber-attacks. Employees must learn to be skeptical of all email, SMS messages, and even phone calls that trick them into divulging business credentials, like usernames and passwords, or personal information. It is much easier for a criminal to trick a person into divulging their credentials than to crack them by brute force. Training employees to identify social engineering attacks, combined with a robust password use policy, is vital in protecting businesses from potentially devastating attacks.

Configuration errors are on the rise and make up 22% of breaches. This is a disturbing upward trend; it means human error resulted in the exposure of confidential information to the public. It is another good reason to implement robust employee training.

Hacking remains the #1 tactic and is used in 45% of all breaches. Hacking occurs when usernames and passwords have been compromised and made available to criminals via the Dark Web. Robust username and password policies can help to decrease vulnerability to hacking. Small businesses should develop and enforce these policies to safeguard their secure information.

Cybersecurity employee training and strong policies are important for all small businesses. Companies in the Department of Defense supply chain may need to adhere to a stricter standard than other businesses and are required to meet the NIST 800-171 guidelines. Over the next 5-7 years, this requirement will shift to the CMMC (Cybersecurity Maturity Model Certification). Espionage may not be a high risk (5% of breaches) for a business, but once a company’s information is compromised (exposed to the public via the Dark Web), the consequences are the same to the DoD. The DoD requires the breach to be reported via channels identified in a company’s Incident Response Plan. Do you have one?

Maine MEP can help to assess your risk and make a plan for securing your business. Contact us to learn more.

About the New England Regional Defense Industry Collaboration (NERDIC): NERDIC is a partnership of the state economic development organizations of Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, and Vermont, working to support Small and Medium-Sized Enterprises (SMEs) that provide parts and assemblies to Tier One providers working with the U.S. Department of Defense. NERDIC has financial support from the Office of Economic Adjustment, U.S. Department of Defense. The content reflects the views of the New England Collaborative and does not necessarily reflect the views of the Office of Economic Adjustment, the U.S. Department of Defense, or the participating states.