Reading Time: 4 minutes
Dialogues around cybersecurity and cybercrime were already reaching a fever pitch before Russia’s invasion of Ukraine was underway. In fact, since the Covid 19 pandemic started, cybercrime and hackings have surged by 600% with the average cost of a data breach jumping by $137K in today’s connected, remote workforce. Last year, more cyberattacks started focusing on American supply chains already faced with talent shortages and painful delays. And according to IBM, in 2021, the average time to identify a breach after a cyberattack was a startling 207 days.
Now the Biden administration is doubling down on its previous cybersecurity efforts and urging organizations across the United States to join the cause:
“The reality is most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone,” Biden said. Just a week ahead of the Russian invasion, the National Security Agency issued an advisory on the urgency for organizations to use strong password types to shield credentials in device configuration files on Cisco routers.
The stakes couldn’t be any higher for organizations whose brand trust and reputation and bottom line are all at stake in the event of an untimely cyberattack. With the United States adding sweeping, coordinated sanctions for Russia and oligarchs almost daily, experts have heightened concern that Russian entities will act out against the American enterprise with a full-throttled campaign of cyberattacks. This cybercrime is poised to come in all forms, from disk-wiping attacks to ransomware, to phishing campaigns.
It’s time to act. Here are three ways you can arm and protect your organization now.
1. Assess your security vulnerabilities.
It’s critical to understand where your cybersecurity exposure is and identify prevalent vulnerabilities and risk levels. The NIST Cybersecurity Framework can help you gauge exactly how integrated cybersecurity risk decisions are factored into broader everyday business operations to identify risks, protect your business, detect active threat factors, respond, and recover. By assessing all your unique data and its value to threat actors, factoring business size, function, industry, and stakeholders with a Threat Profile is the first step.
Next, you’ll want to examine your organization’s capability to identify, protect, detect, respond, and recover to maintain security using a Maturity Profile. Finally, you can gain a clearer picture of your current approach with a security maturity grade and recommended next steps.
Many MSPs and technology organizations offer security assessments, learn more about the MicroAge Security Assessment.
2. Stick to Cybersecurity best practices.
Preparing for oncoming cybersecurity threats means reinforcing some of the basics. Using applications like Multi-Factor Authentication (MFA) and Single-Sign-On (SSO) can help empower your workforce while keeping your cybersecurity insurance intact in the event a cyberattack does occur.
There’s still an all too common misconception that because SSO only leverages one set of credentials for verification that it’s a less secure option than a series of separate credentials across various applications. However, SSO technology makes it more challenging for a hacker to gain access to any of the associated accounts. Meanwhile, users can enjoy having just one set of credentials and an added buffer of security. That extra layer of cybersecurity has gained relevance in today’s connected workforce.
3. Educate your workforce on the risks.
Your organization’s security posture is only as strong as your employee passwords and vigilance on cybersecurity. Even with best practices like SSO and MFA in place, your spam filters can’t catch everything, and spear phishing messages have an open rate 5-6x higher than actual marketing emails. 70% of employees fall for them. It’s important to educate your workforce on the current threat landscape, the types of text messages and emails they should be wary of, and business practices like using VPN that can help keep their data and communications secure wherever they work.
Having a company-wide cybersecurity training and policy is a modern business mandate, but don’t stop there. you can test your workforce with simulated phishing campaigns and alert them when team members are receiving deceptive communications.
Don’t wait for a cyberattack.
Now is the time to reassess your cybersecurity posture and strategy and educate your workforce on the current threat landscape and day-to-day best practices. Bringing in outside experts can help.
MicroAge is proud to support an end-to-end array of security services to protect your connected workforce and arm your cloud environment against the latest cyber threats. Our award-winning panel of experts and engineers are ready to help you navigate the next steps for your organization.