Each autumn, with the back-to-business mindset following summer holidays, organizations reflect on their sensitive data during Cybersecurity Awareness Month, observed in October. Businesses spend billions of dollars annually on cybersecurity. Statista forecasts the global Information Security market will approach $175B by 2024. Products and services supporting this market are expected to hit $1.1725 trillion USD in 2022.
We asked a selection of our business partners—BlackBerry, JT IoT, and SLNT—for their perspective on the current threat landscape and what they’re doing to mitigate risks.
Every enterprise knows the importance of investing in InfoSec. Increasingly, CEOs are adding a box to their org chart filled by a Chief Information Security Officer. Nonetheless, CISOs face pushback from their peers in the C-Suite. The CFO says cybersecurity is too expensive. The COO thinks all the controls slow productivity. The CIO advocates for IT outsourcing. While the CMO wants marketing to have access to custom data.
Mobile Device Management is a critical element of any robust IS strategy, which is essential to keep your network safe from harm. Specializing in encrypted mobile solutions, security and privacy is our core business at Myntex. We are focused on the very essence of cybersecurity, which is verifying the identity of others, while continuously proving our encryption is authenticated to defend against malicious interference and data breaches.
The Most Common and Costliest Cyberattacks on Business
Ransomware has been the dominant cybersecurity news story this past year, affecting not only enterprise organizations but increasingly targeting small-to-medium business.
As an industry leader in cybersecurity BlackBerry notes, “The current infrastructure of the underground cyber economy continues to evolve quickly with threat groups sharing hacking techniques, malware code, tech infrastructure, target lists, and even exporting stages of the process to hackers with specializations, allowing for attackers to operate faster and at scale. In fact, some of the biggest incidents of 2021 appear to have been the result of this outsourcing. On top of that, cybercriminals can often circumvent being shut down by authorities by breaking up and reorganizing as new cybercriminals groups.”
The company confirmed it believes the best defense is to adopt a prevention-first approach to cybersecurity. “BlackBerry customers benefit with artificial intelligence (AI) and machine learning (ML) driven cybersecurity products, which have been independently proven to prevent malware from executing on endpoints including the latest ransomware strains.”
Gateway Attacks and Vulnerabilities As indicated in the Statista charts below, phishing was the most common cause of ransomware attacks reported by managed service providers.
According to Datto’s Global State of the Channel Ransomware Report, “Carelessness and gullibility are the greatest threat to small businesses. With phishing mails, poor user practices and lack of cybersecurity training on top of the list of leading causes of ransomware attacks, it becomes clear that end user education is an essential part of IT security.”
These cybersecurity threats resonate with our industry partners. Employee driven threats appeared across the companies we surveyed as a top concern.
SLNT® CEO, Aaron Zar, ensures all employees and contractors are trained on cybersecurity best practices, which the company regularly updates to keep staff and systems safe.
“Just like technology, cybersecurity is always changing and evolving,” notes company spokesperson Avie Zar. “Our Cybersecurity mitigation plan is reviewed annually. When reviewing and updating a plan we always cover these key topics.”
By analyzing and identifying potential threats, through internal and external risk assessments. Beyond implementing a plan to protect the business, SLNT keeps looking for vulnerabilities, with monitoring practices aimed at detection.
Key Business Systems Under Attack
Enterprise Management – An Internet Crime Report shows business email and spoofing attacks rose sharply with the pandemic, leading victims to send criminals fraudulent wire transfers. “They do so by compromising an employer or financial director’s email, such as a CEO or CFO, which would then be used to request employees to participate in virtual meeting platforms.”
Operations Management – The latest DBIR notes, “2021 illustrated how one key supply chain breach can lead to wide ranging consequences. Supply chain was responsible for 62% of System Intrusion incidents this year. Unlike a Financially motivated actor, Nation- state threat actors may skip the breach and keep the access.”
Financial Management – Today’s CFO makes critical cybersecurity decisions, especially with the risks associated with ransomware. “There are costs for remediation, cybersecurity software meant to prevent ransomware, and loss of productivity. There’s also a potential cost associated with damage to an organization’s brand and reputation.”
Business Email Compromise Attacks
A recent report in ZDNET noted, “While ransomware gets global attention when it takes down vital services and cyber criminals get away with multi-million dollar ransom payments, there’s another big cybersecurity issue that’s costing the world more money, but remains an embarrassing secret for many, even though, according to the FBI, it’s cost victims over $43 billion dollars to date.
Business email compromise (BEC) scams may lack the drama of hacking attacks but it’s possible to argue that they’ve become the biggest cybersecurity issue facing the world today.
BECs were the costliest types of cybercrime connected to financial losses in 2021.
“Losses to cybercrime increased significantly in 2021. The losses – which are located mainly in the U.S. but were collected around the world – are estimated at $6.9 billion last year, up from $4.2 billion in 2020.
Other costly cyber crimes with businesses at their center were personal data breaches and corporate data breaches, which occur when criminals steal or release the personal data of individuals or companies previously stored in a secure location.
Out of all victims recorded by the FBI, 59 percent were in the U.S., 38 percent in the UK and 3 percent elsewhere.”
Preventing Attacks On Business Mobile Devices
One of the world’s leading carrier-neutral IoT connectivity platforms, JT IoT is a SIM card provider for our custom encrypted mobile solution, ChatMail™. “Supported by a team of 70+ people and with over 500+ global networks, JT IoT provides customers sustainable, scalable, compliant, and secure access to connectivity.” The company has a Bring Your Own Device to work policy, which it manages through Microsoft Endpoint. Proactive security audits with penetration tests from third-party providers is part of their cybersecurity risk mitigation plan.
Organizations need to be pre-emptive in safeguarding mobile communications with policies to protect all users and hardened devices for key team members who need extra security. Awareness of possible attack vectors is a fundamental first step, especially for small to medium size businesses who are increasingly being targeted.
- Malware – malicious software that can steal login credentials while bypassing 2FA
- BYOD programs – a risk to your MDM in part due to the use of apps and social media
- MitM attacks – mobile applications using unencrypted HTTP
devices – the lack of security and privacy features of a tamper-proof phone
Cybersecurity Awareness is a daily practice and with the right tools you can trust your communications are both private and secure.
Myntex is an industry leader in the field of encryption technology, offering enterprises expertise in mobile security supported with evidence based live data extractions.