Learning Objectives:
This article on cybersecurity in 2020 includes:
- A brief overview of COVID-19’s impact on businesses
- Information on exposed data (hint: it was record-breaking)
- Threats faced by small and medium-sized businesses
Related Information:
We are only a few short weeks away from the end of 2020. Thank goodness! This year has been…unconventional to say the least, and its impact has been felt on a global scale.
As the year comes to a close, it’s good to take a step back and reflect on all that has happened. This article will examine the various cybersecurity challenges faced over the past 12 months and its impact on small to mid-sized businesses (SMBs).
The Pandemic
2020 will go down in history as the year of the pandemic as COVID-19 swept businesses into a frenzy. As quarantine mandates were put in place, many businesses found themselves rapidly adapting to a remote workforce. Enabling the technology to power this new work from home movement created challenges for IT, security, and compliance personnel, including quickly developing plans to protect sensitive data while ensuring continued compliance with applicable regulatory requirements.
As a part of this transition, businesses relied heavily on cloud services, remote desktop / VPNs, and video conferencing, which placed a high demand on network infrastructure. Naturally, hackers did not skip a beat and quickly capitalized on this opportunity. In fact, phishing, use of stolen credentials, and cloud / web app misconfigurations were the top attack vectors used by hackers during the pandemic according to Verizon’s Data Breach Report.
Cybersecurity 2020: Data Breaches
With those tactics, along with many others, events occurred. Events turned into incidents, and incidents turned into breaches. As if 2020 wasn’t already bad enough…it also officially sets the record for exposed data. With 2,935 publicly reported data breaches in the first nine months, we have seen 36 billion (yes billion) exposed records. Let that set in for a second.
There was Microsoft with 250 million records. Estee Lauder with 440 million records. Keepnet Labs with 5 billion records. CAM4 with a staggering 10.88 billion records.
Finally, not to be outdone and one of the most 2020 things that could have happened, we have the SolarWinds breach that made headlines on December 13, 2020. Talk about going out with a bang, am I right? If you want to learn more, one of our cybersecurity experts breaks it down for you in a short video.
Put Your Skills to the Test
Do you know the difference between an event, incident, and data breach? Take a stab at defining them, and then check to see if you’re right!
Event
An observable occurrence of a computer or network activity causing a negative impact.
Example:
A system is running slow or has gone down.
Incident
An event that has potential to lead to loss of data, reputation, intellectual property (IP), funds, or an outage affecting the ability of the firm to do business.
Example:
A misplaced laptop.
Breach
An incident that has resulted in the confirmed data loss or exposure and requires notice.
Example:
Compromise of a system resulting in the exfiltration of data.
SMB Threats
Large corporations weren’t the only ones navigating the gauntlet 2020 presented.
Remember how we talked about businesses are relying more on the cloud? What about the fact that hackers are focusing more on phishing campaigns? These two factors have drastically leveled the playing field between SMBs and large organizations from a hacker’s point of view. The days of flying under the radar as an SMB are over, and it is more important than ever for them to make cybersecurity a priority.
Financially motivated hackers and malicious insiders targeted credentials and personal data through web application attacks, business email compromise, and exploitation of non-malicious errors. Luckily there are ways for SMBs to combat these threats.
First and foremost, conduct an annual penetration test, especially if you have a proprietary web application. This will allow you to identify vulnerabilities before they can be exploited by a hacker. Don’t have a proprietary application? Work with your trusted advisor to conduct configuration audits of the applications and cloud services you do use. These audits compare your system and configurations against industry best practices, and you will receive recommendations on how lower your overall risk.
Finally, regularly training your employees is crucial. Then, test them with ongoing social engineering phishing campaigns, because the more practice they have, the easier it will be for them to spot threats. The easier it is for them to spot threats, the safer your business will be from bad actors.
Get Started on Your Cyber Plan
Conclusion
As the year progressed, the dust settled for most employees and their IT department colleagues. Only a small percentage of American businesses, however, have fully adapted to the new cybersecurity landscape that 2020 has presented. Although the year is coming to a close, it is important to implement the proper cybersecurity safeguards needed to protect company assets such as drafting or revising policies, training, or performing pen tests (yes you can pen test your remote employees).
If your organization has checked off one or more of the items listed above, you should give yourself a pat on the back and be proud. If you want to work on your cybersecurity posture, don’t be afraid to reach out to a trusted advisor. That’s what we’re here for!
With a new year comes new possibilities. Stay safe, stay healthy, and have a happy holiday season everyone.
