The past few years have seen a cyber revolution, with more businesses than ever before moving toward remote working structures. With this movement online, businesses are increasingly having to deal with extended attack surfaces, making them more of a target for hackers and those with deceitful intentions.
2022 has been the worst year yet for cybercrime. Throughout the year, we saw the number of phishing attacks increase by 48%, ransomware by 41%, and an overwhelming general increase in the total amount of fraudulent activity. For business owners and CEOs, the rise in cybercrime is a huge problem that must be tackled – sooner rather than later.
In this article, we’ll dive into some of the most common cyber threats that businesses are currently facing. For each of them, we’ll then recommend actions that CEOs can take to further secure their businesses. We’ll cover:
- Phishing and Email Security
- Ransomware, Education, and Backups
- Software Supply Chain and SBOMs
Let’s dive right in.
Phishing and Email Security
Phishing is the most common cybercrime that we encounter in the modern age. Due to how easy it is to pull off and how it only takes one small human error to create a vulnerability, this is a preferred medium of attack for hackers and scammers. Phishing is when a hacker sends an email to someone inside a company. From there, the employee will accidentally click on a link they shouldn’t have or download something.
Often, this is an attempt by the hacker to steal user account information. Once they have this info, hackers are able to log into internal systems, helping them to then steal data or move into ransoming information. Again, due to this only taking one error by a human clicking on something by accident, this is extremely common in businesses.
In order to protect your business from this, we recommend that you dive into the world of email security. Most of the free secure email providers that are currently on the market will provide at least a default level of email security. This will cover most businesses on a fundamental level, ensuring that they at least have one layer of defenses up and running.
However, there are additional features that you can then add on to your security package to further secure your accounts. Beyond other security platforms, you can ensure that all of your employees have to move through multifactor authentication (MFA) before accessing their accounts.
MFA requires your employees to verify their identity from another device, be it a different laptop they own or from their mobile phone. This additional step will kill the vast majority of phishing attacks in their tracks. Even if a hacker does steal a user’s information, they won’t be able to move beyond the MFA screen, halting them and giving your security team enough time to respond.
Ransomware, Education, and Backups
Ransomware is a devastating type of security event to run into. Not only do these attacks sever a company’s connection to their own data, leaving them unable to work, but they often result in the customer base of that company losing faith in them. Even if a ransomware event is solved rapidly, the loss of trust that is experienced can often lead to the company’s bankruptcy down the line.
Much like with phishing, it only takes one mistake from a single employee to them cause a complete ransomware event. When this occurs, your options are either to pay the ransom, or risk going through the authorities and having all of your data corrupted. In these situations, it’s very much a lose-lose. So, as a CEO, we need to know how to get ahead of these events and protect ourselves before they ever occur.
There are two strategies that are wonderful for protecting against ransomware events:
- Employee Education – These events won’t happen if your employees understand how they occur and are able to spot them. Launching educational initiatives where you explain to your employees what a typical ransomware email would look like will help decrease the chance of an event like this occurring. Regular test emails from your security team will help make sure that people remember their training and are always on the ball.
- Backups – Backups should be the lifeblood of every single company. Having backups in several different locations almost completely nullifies the impact of a ransomware event, as you can simply move to your backups and continue as normal. Make sure that you instruct your software team to create frequent create backups and store them in different places.
Software Supply Chain and SBOMs
Over the past decade, the software supply chain has increasingly become more complex. While companies used to exclusively produce the software that they used, it is now increasingly the case that companies will use Open Source software and third-party solutions in order to bring their product to market.
The growing complexity of the software supply chain, where any given product could be a composite of thousands of individual pieces of software, has led to vulnerabilities causing damage on a much larger scale. Last year, we saw this with Log4J, which impacted the largest tech companies in the world, government agencies, and non-profits across the globe.
In light of this, we recommend that you ensure your software department are practicing the best current procedures for dealing with OS and third-party software. If you’re not already using and publishing a SBOM (software bill of materials), then you should start. This document will outline exactly what software components you’re using.
Beyond just helping you react quickly if there one of your components discovers a vulnerability, a SBOM will also help you get in line with current software supply chain standards and licensing issues. This will benefit you greatly down the line, helping to keep your business safe.
Final Thoughts
As a CEO, it is one of your top responsibilities to ensure that your company is protected from the mounting cyber threat. As these threats continue to materialize and impact companies across the industry spectrum, having procedures and defenses in place is the best way of protecting your business.
When you invest in cyber security and its methods, you’re investing in protecting your employees, your business, and your customers. Cyber security impacts us all, making it one of the most important factors that you consider when running a business in this digital age. Be sure to move through this list and engage with our tips to put you on the right track toward success.
