One in six of all firms attacked this year, 17 percent, said yesterday that the impact was serious enough to materially threaten the solvency or viability of the company, according to the Hiscox Cyber Readiness Report 2021.
KnowBe4 Africa SVP Content Strategy and Evangelist Anna Collard said the report provided some concerning statistics and facts about the impact of cybercrime.
“It is a game, and it is one that Hiscox fundamentally believes no business should leave to chance. Multiple threat vectors and variable threat actors, and, perhaps most worrying, repeated attacks on companies by cybercrime pose a serious risk to organisations small and large alike,” said Collard.
According to her, the report underscored the immense challenge that organisations face when it comes to securing the business and the people within it.
“This is the time for the organisation to turn and face the threat head-on,” she says. “It is too risky to think that these attacks happen to someone else or that your systems are too good to be breached. There is always a vulnerability or a bad decision made by an employee.”
The most extraordinary point to come out of the Hiscox report was said to be the fact that more than a quarter of those organisations hit by cyber-attacks were hit more than five times in a year. Forty-seven percent of enterprise-scale firms were targeted more than six times, and 33 percent fought off attackers more than 25 times.
That translated to 33 percent of companies being attacked on average twice a month. The attacks were said not to be a once-off in which an organisation was attacked, paid the ransom and was left alone. The attacks were repeated.
“The more successful a breach, the more the organisation is targeted,” said Collard. “The victims of these attacks are paying the ransom, and then they are being hit again. The problem is that many organisations are just paying up to protect sensitive information, and this is encouraging the attackers to keep on coming back for more.”
Just over half of those targeted (58 percent) paid a ransom either to recover data or to prevent publication of sensitive information.
When asked about the first point of entry of the attackers, 37 percent of respondents mentioned their corporate-owned servers, 31 percent their cloud-based servers, followed by company websites (29 percent) and employee error such as phishing or spoofing (28 percent).
Collard said she believed that organisations could fight back and put themselves in the driver’s seat. This started with investing in people, processes and technologies and applying best practices across the organisation. She said it paid off to have people dedicated to cyber-security, to put investments into people and technology that allowed for the organisation to achieve security maturity.
“If you achieve a certain level of maturity in your people training, processes and technology, then you can mitigate the impact of these incidents far more effectively. If you do not, the impact will be far more severe. The Hiscox research shows that organisations with more mature security fare best when attacks happen. They had fewer ransomware attacks, and when hit, recovered more quickly. You need to ensure that your people know and understand your security policies, and really do recognise the value of these policies in protecting both the organisation’s data and their own,” she said.
KnowBe4 Africa said the focus for the future should not be on the security threats and concerns that the organisation could not control, but on the internal systems and processes it could.