Hacking, ransomware and malware have become everyday threats, and IT departments are no longer equipped to deal with them.
Government organizations and businesses have begun looking beyond the IT department to prevent cyber crimes, and employee training, third-party cybersecurity personnel and artificial intelligence tools are becoming critical for preventing attacks.
Cyber crime is as diverse as it is pervasive, experts say, and setting up tools to fight it can be expensive: in August of this year, the National Security Agency gave Portland State University a $2 million grant to protect the electrical grid from attack.
But those costs can be a drop in the bucket compared to the cost of an attack: Ransomware attacks, which freeze a company’s data and hold it hostage, have increased nearly 500% over the last two years, according to cybersecurity firm Bitdefender.
Cybercrime research publication Cybersecurity Ventures estimated that cybercrime costs will grow by 15% annually, reaching an estimated 10.5 trillion by 2025. But perhaps the scariest figure is that attacks by artificial intelligence are up 41%, according to LexisNexis.
“You can’t really afford not to have cybersecurity anymore. One of our goals has been to make it more affordable,” says Michael Maddox, chief of client and core values at Convergence Networks, a Milwaukie-based network security provider.
“Not every business needs to be at the higher end of the spectrum. The more cyber security you have the less flexibility you have as a business.”
For companies that cannot afford cybersecurity staff, cybersecurity firms like Convergence can deploy artificial intelligence tools able to identify and halt suspicious activity on a network, no matter where the connected computers are located.
“It’s not just teenagers and opportunistic thieves doing this. It’s organized crime operations that are state-sponsored. You don’t even need to be good at cyber crime to do it anymore,” says Maddox.
“If you want to carry out a cyberattack, you can go on the dark web and buy ransomware and these organizations will give you everything you need. Not only that, they can help you with targeting.”
There are two major factors that have led to the uptick in cyber crime. The first is that with more people working remotely, there are more undefended computers with access to private company information. The second is state-sponsored cyber crime, perpetrated by countries with an interest in disrupting the United States, most significantly Russia.
Nine years ago, Convergence dealt mainly with large organizations able to pay their costs. Now that cybercrime has become commonplace, they offer more affordable packages, starting at $500 a month.
Part of Convergence’s service is also to offer employee training. Cybersecurity tools can only go so far if a registered user accidentally allows a malevolent actor onto the network.
“The attack types are all across the board. Some of these, there’s nothing you can do about. And some are easily controlled with proper employee training,” says Wayne Machuca, who teaches cybersecurity at Mt. Hood Community College. “There are many employee trainings in the marketplace and every company should be employing at least one. Train, train, train. And when you are done, train again.”
On the day he spoke with Oregon Business, Machuca says he received a phishing email claiming he had won a gift certificate to Home Depot.
In addition to training employees on how to recognize attacks, companies should be in the habit of regularly backing up data. If ransomware does take over a system, reverting to a relatively recent iteration of data will be far less costly than dealing with the hackers. Additionally, companies should ensure all employees possess a strong password.
“A good password does not need to be complicated, but it does need to be in the 21-plus character range,” says Machuca. “Since 21 characters is a lot, think about using a passphrase.”
The most troubling thing about cybercrime is its diversity. There are far too many kinds of cyberattacks to defend against all at once. There is no one-size-fits-all approach to cybersecurity, and a company’s plan should depend on its unique vulnerabilities.
“My number one advice would be to have a full cybersecurity assessment done by a cybersecurity firm, not just an IT firm, and vet them first,” says Maddox.
“Get a cybersecurity roadmap. Ask yourself: ‘what do we need to mitigate today, and what do we need to mitigate two months from now?’”