Deloitte’s “Cybersecurity, in the Company’s Crosshairs” report shows that cybersecurity is one of the biggest concerns for businesses. However, there is a great deal of misinformation on the subject, which seriously harms companies.
SMEs are among the most vulnerable, since 43% of cyberthreats target European small and medium-sized companies, according to a study by Kaspersky Lab and Ponemon Institute.
According to the Deloitte report, one of the main sectors where most security managers are concentrated is technology. The head of technological security is usually present in 45% of the Executive Committees/Directorates or in 40% of the Security Committees, occupying relevant positions in the governance of the entity.
However, although their business role is vital, they are often placed in relatively small departments within the company: 42% of the panelists have security departments with one or two workers.
So how much importance is really given to cybersecurity in an organization? In general, the data provided by Deloitte indicate that it is high, since 85% of companies show concern in this field, especially those belonging to the technology sector (72%), followed by services and consulting (59%) and finally banking and finance (57%).
On the other hand, the activities that companies usually manage themselves are related to managing access to systems and applications, responding to security incidents, and compliance and privacy. The hospitality and tourism sector usually keeps the most activities in-house. Externally, the most common activities are ethical hacking, cyberthreat intelligence, forensic analysis and vulnerability review. In this case, the real estate sector is the one that outsources the most.
But what are the main cyberattacks against businesses? First comes spam, at 83%, followed by viruses/malware whose function is to disable systems and devices (62%) and the popular ransomware at 33%. Finally, industrial espionage attacks on control and production systems represent only 1%.
In addition, according to Deloitte, since many attacks are based on social engineering, employee awareness-raising and training is one of the best defenses against possible attacks.
Although the percentage of companies that do not offer such training plans has declined in recent years (49% in 2017 and 38% today), it remains a task to be done. Even so, only 24% of the panelists systematically and recurrently perform a cybersecurity analysis before a new product or service goes live, and 25% never do. Moreover, only 38% of the panelists have experienced no inconvenience following cybersecurity incidents.
Moreover, according to S2 Group, the whole company has to get involved in cybersecurity, and it is important not only to train staff but also to keep their knowledge up to date.
Taking such measures is essential, as 68% of the companies that suffered a cyberattack have had a significant impact, largely rising to 100,000 euros, and 25% have been unable to estimate these losses. In most cases (93%) the Directorate-General or the Board of Directors is informed and, more than half the time (58%), before the attack occurs, preventively.
According to S2 Group: “In recent years, much progress has been made in the field of cybersecurity, but still small and medium-sized enterprises, and especially those that have just been created, continue to neglect certain aspects that could seriously jeopardize the continuity of their businesses,” says José Rosell, partner-director of S2 Group, who believes that “there is a lack of real perspective on the dangers that may threaten them and the consequences they could entail”.
Some 43% of cyberthreats target European small and medium-sized enterprises, according to a study by Kaspersky Lab and Ponemon Institute. S2 Group stresses that there are ten fundamental cybersecurity errors that SMEs make. One of the most common is to think that with just an antivirus or a firewall you are sufficiently protected, or that the business information you have is of no interest to anyone.
On this last point, Kaspersky Lab emphasized in a statement that SMEs generally underestimate their position, and many of them do not reflect on the possible long-term impact of a cyberattack. It can be so significant that 6 out of 10 SMEs disappear within six months of a cyberattack and, in direct costs alone, disburse 35,000 euros.
Of the SMEs that have been victims of a cyberattack, 51% did not think that they could be the target of one, and 68% of those that had not been victims believed it more than unlikely that they could suffer one.
Other claims that put SMEs’ security at risk are “considering IT people solely responsible for cybersecurity” and that “cybersecurity does not require maintenance.”
There are also compliance failures: for example, signing confidentiality agreements is very common in large companies but not so much in SMEs, and there is non-compliance with the LOPD. In addition, there is a lack of security in contracts, as well as in the network and systems.
Although any company is susceptible to cyberattacks, those that offer services over the internet are especially vulnerable, because the internet is a focus for cybercriminals and, after all, digital becomes the basis of the business model. Finally, many SMEs think that business threats always come from a third party, and never from a possible worker error.
According to the company MNEMO, a Spanish household suffers between 100,000 and 500,000 daily cyberattacks, although fortunately most do not materialize.
Roberto Peña, director of cybersecurity at MNEMO, states that “the data of 1 in 3 people are compromised in the network; however, the problem is that these are not isolated cases, it is a common threat that can affect any company and individual and will only go further.”
“Just as in real life they offer us protection and we take steps to be safe, we should also do so in the digital world,” Peña stressed.
According to the director of cybersecurity, the main cyber risk to which both companies and individuals are exposed is that of absolute ignorance about the danger, as well as the lack of government action, despite the growth in cyberattacks that Spain is suffering.
“Just as the ITV is an indispensable requirement for a citizen to be able to circulate, and thus not put the rest of the inhabitants at risk, so should cybersecurity measures be in companies. Promotion measures should not only be recommended, but also legislated and enforced; the issue is addressed with sanctions and communication procedures, but what about prevention?” said Peña.
But why are businesses so vulnerable to cyberattacks in the first place? According to Mnemo, 85% of Spanish companies do not have technical processes on security breaches.
These are the 10 biggest weaknesses of companies in cybersecurity, according to the company:
Investment in cybersecurity is necessary, and you can invest in two ways: in the technology you have, or in managed security services, which must provide business auditing and review. But, as Peña points out, this means not a one-off audit but a continuous analysis, to be able to solve any risk that the company detects instantly.
On the other hand, Carbon Black researchers who have been monitoring forums on the dark web have detected a market growth of $6,237,248.90, so sales have increased by 2,502% since 2016.
In addition, the total value of ransomware sales on such websites has risen from $250,000 to more than $6 million in just one year, showing that ransomware is a very lucrative tool for cybercriminals and simple to acquire. In fact, it is estimated that some of these cybercriminals earn more than $100,000 from selling ransomware.
What are the sales prices? They usually range from $3,000 for custom ones to only $1 for the basic ones for Android. It is also very common to make payments in Bitcoin.
“The global economy of ransomware is expanding into goods and services, as are the regular markets in which we participate during our daily lives,” the researchers said.
There is also innovation in the world of cybercrime: researchers from the Belgian university of Leuven have discovered a new exploit capable of affecting devices that are connected to WiFi networks, especially those using Android 6.0 (41%) and later versions, but it also attacks Linux, iOS, Windows, and macOS.
Once the device is infected, cybercriminals will be able to read the emails, messages, passwords and credit cards of their victims, as well as modify web pages by infecting them with malware.