The COVID-19 pandemic taught the world several lessons the “hard way,” including the paramount investment needed in cybersecurity.
The United States of America Cyberspace Solarium Commission released its May 2020 white paper entitled “Cybersecurity Lessons from the Pandemic,” wherein it advocates the need to digitize critical services and provide a more reliable cyber ecosystem (in addition to other findings). For the last three months, bad actors representing foreign states and interests have stepped up attacks on healthcare and critical infrastructure, while independent hackers (also suffering in a depressed economic climate) have increased ransomware attacks against easily exploitable targets for profit. In short, the bad guys capitalized on a common weakness: inadequate cybersecurity.
While liquidity is challenging all businesses at present (excepting Netflix, Hulu, and Disney+), there are financial benefits to investing in cybersecurity now:
Lower cyber insurance premiums: Insurance companies see progressively lower profit margins annually on cyber insurance, causing premiums and deductibles to increase. Some insurance companies require potential insureds to answer cyber hygiene questionnaires or allow a form of penetration testing to determine the potential insured’s level of cybersecurity before agreeing to coverage. Depending on the results, type of industry, and data handled, the premiums fluctuate. A way to decrease monthly premiums and/or deductibles is to demonstrate a commitment to cybersecurity and enforcement of cyber hygiene practices such as data and device encryption (particularly for cloud storage), incident response plans, continuous security awareness training, using a trusted managed service provider, an information security staff, and third-party risk assessments or audits.
Expanded Marketability: The ability to claim robust cybersecurity makes a business more attractive as a partner/vendor for larger organizations. As stated by the National Institute of Standards and Technology, cybersecurity is examined in supply chains and “cyber supply chain risks touch sourcing, vendor management, supply chain continuity and quality, transportation security…and require a coordinated effort to address.” Businesses that rely on services from outside vendors look at a vendor’s vulnerabilities, ability to manage emerging vulnerabilities, and general information security practices.
Options: The cybersecurity marketplace is growing and very diverse, with products targeted for small businesses that operate on a local network with minimum endpoints to larger cloud-based entities with hundreds of remote workstations and devices. Software companies, managed service providers, and cybersecurity specialists can work with each individual business to find a price-appropriate solution for an added layer of cyber protection.
Below are real-life consequences of the failure to invest in cybersecurity (all within the last ten days):
June 5, 2020: The city of Florence, AL became a victim of the DoppelPaymer ransomware gang, which dismantled the city’s email. A security firm hired by Florence negotiated the ransom down to 30 bitcoin, worth around $291,000. City mayor Steve Holt said that Florence had elected to pay the ransom despite not knowing for certain what data the cyber-criminals had stolen and encrypted.
June 9, 2020: Australian beer brewer Lion Pty Limited was hit with a ransomware attack, shutting down large portions of its IT system. As of an announcement made on June 15, 2020, the computer system is still not fully operational.
June 9, 2020: Honda manufacturing plants in Ohio and Turkey went offline after a cyber-attack compromised some of the Japanese automaker's facilities. The incident occurred when one of Honda's internal servers was targeted from the outside and an infection spread throughout its network. The Honda attack was facilitated by “Snake/Ekans,” a new type of ransomware that specifically targets industrial control systems (ICS), which are often used in factories.
June 10, 2020: The city of Knoxville, TN's computer network was hit with an overnight ransomware attack, forcing a shutdown of the system and prompting the city to alert the FBI and TBI. One police department was impacted. The city did not have cyber insurance and has not commented on whether it will pay the demand.
June 11, 2020: Ransomware gang REvil is auctioning sensitive data and documents stolen from Symbotic LLC, a US-based robotics company that creates software and robotics solutions for supply chain manufacturers, distributors, and retailers. The initial attack occurred sometime during the first week of June. More coverage can be found at KrebsOnSecurity.
Even without attracting attention on national news, LinkedIn, or Twitter, the time and interruption of business services required to address a cyber incident is costly. According to a 2019 American Medical Association-Accenture Medical Cybersecurity Survey, 36% of health institutions were unable to provide care for at least five hours following a cyberattack. For some patients, five hours can be the difference between life and death, and the resulting lawsuits can cripple a business.
Lesson: Do not wait. Invest now in cyber hygiene policies, guidance, personnel, software, hardware, and employee training.