Cybersecurity: 2022 Look Back. 2023 Look Forward
January 20, 2023
Provided by SBAM Approved Partner, SensCy
2022 was a record year with increases in reported cyber breaches and costs to recover from such incidents. In December alone, there were 78 publicly reported incidents with over 31 million records compromised. As cyberattacks continue to escalate, national and local news media are paying more attention and are quick to report these cyber breaches. For small and medium-sized organizations (SMOs), the statistics on the Internet are cause for major concern, including:
● Top three cyberattacks were ransomware, phishing & malware.
● 47% of SMOs in the USA have experienced a cyberattack. More than half have experienced more than one attack.
● 100% of SMOs have experienced multiple phishing attempts.
● Over 50% of data breaches at SMOs are related to employee errors.
● Less than half of small businesses carry cyber insurance.
● 42% of SMOs don’t have a cyber incident response plan.
SMOs are concerned about cybersecurity in addition to recession, inflation, and supply chain issues. On the cyber front, SMOs expect to see more attacks and a continued lack of cyber resources to help them. When it comes to attacks, SMOs are most concerned with financially motivated ones, like ransomware and fraudulent payment requests.
Hackers will continue to increase their focus on financially motivated attacks, i.e. ransomware. There are multiple ways a hacker could launch a ransomware attack. While you can’t defend against all of them, there are a few common ones that you can recognize early. Some simply start with a phishing email that tricks an employee into clicking a malicious link or downloading files containing malware. Other times, attackers take advantage of misconfigured systems or a zero-day vulnerability that has not yet been fixed.
An emerging threat in recent years is state-sponsored attacks. Countries hostile to the USA will continue to use cyberattacks to disrupt critical infrastructure and businesses. SMOs will be innocent targets of state-sponsored attacks in 2023.
Another area of concern is attacks on third parties that impact small businesses. For example, an attack on Amazon Web Services or on Internet carriers, like Xfinity, will impact all SMOs that rely on these services. Similarly, an attack on a key supplier can disrupt operations through a lack of raw materials, parts or products. SMOs will need to brace themselves for increased and more sophisticated attacks in 2023. It is better to be prepared and ready to defend.
“By failing to prepare, you are preparing to fail” – Benjamin Franklin
Ransomware is everywhere
Many reports point to continued increases in ransomware attacks and payments. In 2021, companies in the USA paid $227,266,604 in ransomware payments. By mid-year 2022, companies in the USA had already paid $136,151,195 in ransomware payments. That is a 17% increase in payments from the prior year!
On average, businesses paid $1.5 million to recover from a ransomware attack and it took, on average, one month to fully recover. These amounts should be deeply disturbing for small and medium-sized organizations (SMOs) who lack the financial and technical resources to respond to a ransomware attack.
A new threat emerged in 2022 – Double Extortion Ransomware. Hackers learned that organizations with effective backup & recovery processes didn’t elect to pay the ransom. With double extortion ransomware, hackers also steal protected data to force the organization to pay the ransom.
No one is immune
Hackers don’t discriminate among targets; they attack businesses of all sizes and types. Companies in Michigan and neighboring states saw attacks across the board, including:
● Hospitals: While Michigan Medicine led the headlines with its data breach from a phishing attack, others were affected too, including Trinity Health System, which suffered a ransomware attack, and Wright & Filippis, a provider of prosthetics and orthotics.
● Schools & Colleges: Some districts in Michigan were closed for a few days because of cyberattacks, while others paid ransoms to the hackers. In December 2022, Hope College in Holland, MI was sued and is facing a potential class action lawsuit over the cyber incident.
● Law Firms: In the American Bar Association’s 2022 Technology Survey to its members, 27% confirmed they had a cybersecurity breach. Law firms in Michigan were also a target.
● Restaurants: Even restaurants and bars have experienced cyberattacks. In November 2022, the Facebook & Instagram accounts of over 10 Cincinnati restaurants were hacked, credit/debit cards on file were used to buy ad credits, and inappropriate content was published to get the accounts banned for life. It created mass chaos for these restaurants, as they rely heavily on social media to reach their customers about events and deals, especially during the holiday season.
● Manufacturers: Cyberattacks occurred on the US subsidiary of a Japanese plastics manufacturer, Sumitomo Bakelite North America, headquartered in Michigan.
● Not-for-Profit: In October, MiTCON, a company that supports non-profit organizations in the Midland area, suffered from a ransomware attack.
● Local Airports: In October, a number of airports suffered a Denial-of-Service (DoS) attack. These include Chicago O’Hare, Phoenix, LaGuardia, St. Louis, Georgia, Orlando, Colorado, Los Angeles, and Des Moines. None of the Michigan airports reported any cyber incidents in 2022.
● Local Government: Both Webster Township and Allegan County experienced ransomware attacks in 2022.
The list above is a small sample of reported attacks. There was no pause in January 2023 and SMOs continue to experience cyber attacks.
Prevention is better than the cure
2022 continued the upward trend in cyberattacks and in the average cost per data breach. IBM surveyed over 500 organizations and reported that the average cost of a data breach increased to $4.35 million in 2022. For small and medium-sized organizations (SMOs), a different data point is more important: the average cost per record in a data breach.
The average cost per breached record increased in 2022 to $164. An SMO that lost 10,000 records will incur $1,640,000 in related expenses, including:
● Notification costs: Customers and any third parties whose protected information was compromised will need to be notified of the breach. It is common practice to also pay for one year of credit monitoring for them.
● Cyber forensic expert fees: A thorough investigation of what happened will need to be completed to get a clear picture of how many records were compromised. Cyber consultants will also need to assess your systems to make sure the hackers’ access is completely eradicated. Your insurance provider and federal/state regulators will require you to take this very expensive step.
● Legal fees: Lawyers will need to be involved throughout the process. There is potential for lawsuits from affected parties that will incur lawyer fees and substantial payouts.
Then, there is potential for loss of business due to the breach. There are non-financial costs such as impact on brand, embarrassment from local news media who are quick to report cyberattacks, etc.
Cybersecurity is a chronic condition
Cybersecurity is like a chronic disease. There is no “one pill” that will prevent it. You must improve all areas of your cyber hygiene (described below) to improve your cyberhealth and reduce the risk or impacts from a cyberattack.
● General Safeguards – Provide an understanding of the cyber risks and the framework to implement to mitigate cyberattacks.
● Preventative Safeguards – Prevent or reduce the impacts of cyberattacks.
● Education & Awareness
● Monitoring Safeguards – Detect suspicious activity early, before it leads to a cyberattack.
● Recovery Safeguards – Procedures and practices in place to effectively recover from a cyberattack.
Taking steps beforehand can be critical and mean the difference between your organization’s success or failure when preventing or mitigating the impact from a cyberattack.
In the past, SMOs relied on cyber insurance to help recover from cyber incidents. In 2022, average insurance premiums increased by nearly 25%. In 2023, SMOs should expect cyber insurers to:
● Increase premiums in 2023 at the time of renewal
● Include more exclusions and restrictions in the policies
● Require evidence that effective cyber safeguards have been implemented to qualify for insurance
● Require key controls around multi-factor authentication, endpoint security, and encryption
● Insist on continued compliance with the terms of an insurance policy before approving filed claims
● Deny claims for attacks by state-sponsored threat actors. What counts as a state-sponsored threat actor is loosely defined today.
The biggest fear for SMOs is not being able to get adequate cyber insurance at an affordable price. Therefore, it is important to start early and implement the safeguards discussed earlier in this article. Help mitigate your risk of a cyberattack – uncover your SensCy Score.
A great tool to help determine your overall cyberhealth is the SensCy Score™.
It’s akin to a credit rating or FICO score in the sense that it gives you a broad estimation of your organization’s cybersecurity. The score is a good indication of your organization’s cyber hygiene and how prepared your organization is against cyber threats. The score considers information from your system, including preparedness, defenses, detection, response, and recovery. The score is on a scale from 0 to 1000. An organization should strive for a score of 800 or more.
To schedule your SensCy Score™, please visit www.sbam.org/cybersecurity.