October Is National Cybersecurity Awareness Month: How Secure Are You?
October 2, 2023
Since the moment the internet was launched, cybercriminals have been wreaking havoc. According to Cybersecurity Ventures, cybercrimes will cause $8 trillion in damages this year. Cybercrime would be Earth’s third-largest economy if measured as a country.
This year marks the 20th annual Cybersecurity Awareness Month. As part of this campaign, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) spotlight the problem and offer suggestions for staying safe online. Click here to learn more and to access resources.
Cybercriminals Never Sleep
According to Hylant business partner and cybersecurity leader Arctic Wolf, today’s cybercriminals show no signs of slowing down. Based on their incident response data collected during the first half of 2023, Arctic Wolf reports the following:
- A 40% increase in active threat groups in May and June of this year alone
- More than 2,200 victims found on the dark web in the first six months of the year, the most Arctic Wolf has seen to date
- A $600,000 median initial ransom demand, up 43% over last year
Who Are Cybercriminals Targeting?
Threat actors base their attacks on opportunity, not on industry. However, Arctic Wolf notes a shift this year in which vertical has most often been the victim of all types of attacks (business email compromise, ransomware, network intrusion, etc.): finance and insurance. These industries tend to fall victim to phishing attacks more often because they conduct more transactions over email than some other industries. In previous years, healthcare clients held the top spot. Other top-targeted industry spaces include construction, government, education, and energy and utilities. Industries experiencing the highest median ransom demands included energy and natural resources, finance and insurance, shipping and logistics, business services and manufacturing. Cyberattacks and data breaches not only threaten large employers but also present a major concern for small businesses. In many instances, small businesses can be more vulnerable to cyberattacks because they lack the resources, protocols or proper systems to protect themselves. Click here for some small business cybersecurity tips.
How Are Cybercriminals Breaching Systems?
According to Arctic Wolf, unpatched software vulnerabilities, remote access hijacks, and phishing incidents led to most of the incidents the company investigated during the first half of this year. The most frequent “software exploit” they investigated was the MOVEit Vulnerability. MOVEit is a file-transfer application. The application’s critical zero-day vulnerability accounted for half of all software exploit-based root points of compromise. A patch was made available to resolve the issue. Earlier this year, cybersecurity agencies from the United Kingdom, New Zealand, Canada, Australia and the United States released a joint cybersecurity advisory, “2022 Top Routinely Exploited Vulnerabilities.” The report lists common vulnerabilities and exposures exploited by cybercriminals. The authors highlight that bad actors are exploiting older software vulnerabilities more often than newer ones.
Cyber JumpStart Portal
Just in time for Cybersecurity Awareness Month, Hylant clients are being given complimentary access to the Cyber JumpStart portal. This digital toolbox, designed by Arctic Wolf and powered by Hylant, is designed to help enterprises reduce the frequency and severity of cyber incidents and improve their insurability.
The Cyber JumpStart portal includes three modules:
- JumpStart IR Planner. Use it to create a customized incident response (IR) plan to help your company save time and reduce potential losses when a cyber event occurs.
- JumpStart Guides. Learn how to implement security controls required by insurance carriers.
- JumpStart Threat Scanner. Consistently scan your network for the known vulnerabilities that lead to the most cyber insurance claims (free for the first 30 days).
Hylant clients who want more information about the Cyber JumpStart portal or want to sign up should contact their Hylant service team member or a Hylant cyber risk advisor.
For help in strengthening your cyber risk profile or obtaining cyber insurance, contact Hylant.
The above information does not constitute advice. Always contact your insurance broker or trusted advisor for insurance-related questions.
Want more like this?
Sign up for our monthly e-newsletter, Fresh Perspectives, and other relevant content.