As we speak with small and midsize business executives, we sometimes hear that cyber attacks and the risk of data breaches are no longer seen as a threat serious enough to warrant attention and spending. We understand this hesitancy. Even with the level of media visibility, the prevalence of security solutions and a weariness of the constant focus on security can lead to the conclusion that we can let our guard down.
The reality, however, is that the rate of cyber attacks jumped about 600% in 2020. More businesses are getting attacked and more attacks are successful.
A List of Breaches
For perspective, in the last 4 weeks, the cyber security experts at ID Agent have published data on these major breaches. Many are likely to be familiar to you or represent a major government entity.
- Metropolitan Police Department of the District of Columbia
- Pennsylvania Department of Health
- The Resort Municipality of Whistler
- CNA Financial
- Personal Touch Holding Corp
- Hobby Lobby
- Illinois Office of the Attorney General
- Wyoming Department of Health
- Eversource Energy
- California State Controller
- The New York Foundling
- University of Maryland Baltimore
- CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC)
The Case for Concern
The list, above, is only a sample and only represents larger breaches. Cyber attacks hit small and midsize businesses on a daily basis. Even so, we often view protection and recovery services as insurance. We do not want to pay for coverage; we hope we never need to use it; and we do not see the value until we are a victim.
A Model for Success
Cyber security differs from insurance. We can reduce the risk of successful attacks with foresight, planning, and protections. Our CPR Cyber Security Model balances awareness, prevention, and response.
Communicate and Educate
Involve everybody in the solution. Communicate the risks and your commitment to protecting the business and your employees. Educate your team on the risks, how to spot and report attacks, and how their behavior can prevent or help an attack.
Protect and Prevent
Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Use “next gen” solutions that analyze behaviors and that can learn as risks evolve.
Respond and Recovery
No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, we recommend that you put in place the forensics, legal, public relations, and customer service resources you will need in a cyber attack emergency.