Share

Cybersecurity Awareness Month Tricks & Treats

With Halloween signifying the end of Cybersecurity Awareness Month, Centri has a handful of spooky real-world cybersecurity statistics (tricks) along with recommended tips (treats) to help avoid falling victim to these scary scenarios.

Trick: 95 % of cybersecurity breaches are caused by human error.

(World Economic Forum)

• Treat: Entity-wide cybersecurity awareness training programs and anti-phishing campaigns are of the utmost importance. Regularly educating workforce users to be vigilant against warning signs is a critical factor in preventing human-enabled vulnerabilities that attackers look to exploit.

Trick: 68 % of business leaders feel their cybersecurity risks are increasing.

(Accenture)

• Treat: A cybersecurity risk assessment should be performed at least annually to keep up with the evolving threat landscape and help identify new or unmitigated risk areas. A significant number of organizations do not perform cyber risk assessments regularly, or at all, and as a result, are not aware of their critical-vulnerability risk areas that need addressing.

Trick: Over 50% of all cyber-attacks are done on small and medium-sized businesses (SMBs) and 70% of small businesses are unprepared to deal with a cyber-attack.

(PurpleSec)

• Treat: Many SMBs often have the mentality of “they won’t come after us, they want the big fish”. But, cybercriminals are looking for the easiest targets. SMBs are less likely to dedicate adequate resources toward cybersecurity risk management, which makes them easy targets for attackers to wreak havoc.

Trick: The average ransomware payment skyrocketed 518% in the past year to $570,000 and the average cost of a ransomware recovery is nearly $2,000,000.

(GRC World Forums)

• Treat: Ransomware attackers typically penetrate information systems through clicked on phishing links, compromised user credentials, or by exploiting known system vulnerabilities. The best ways to help combat these attack vectors are through security awareness training programs and formalized patch management programs to ensure that information systems are running on the most up-to-date supported versions.

Trick: 54% of SMBs do not use multi-factor authentication (MFA) for their business.

(Cyber Readiness Institute)

• Treat: MFA drastically mitigates the risk of unauthorized access via compromised user credentials. However, due to the increased sophistication of cybercriminals, organizations should now avoid using SMS (i.e., text messaging) as a one-time code authentication factor when utilizing MFA to access information systems.

Trick: 90% of security leaders think their organization is falling short in addressing cybersecurity risk.

(Foundry)

• Treat: Organizations in which the Board, Audit Committee, and senior executives place a noticeable emphasis on addressing cybersecurity trends much more favorably in terms of avoiding security incidents and lowering the cost of breaches. Allotting an adequate budget to IT and Information Security is a critical governance step towards creating a secure control environment.  

Trick: More than 77% of organizations do not have an Incident Response plan.

(cybintsolutions)

• Treat: An Incident Response Plan (IRP) is one of three critical pillars within the Crisis Management suite of policies; with the other two being Disaster Recovery (DR) and Business Continuity plans (BCP). While DR and BCP help get systems back and running and help continue operations in the event of an outage, the IRP should be established as a plan to respond to and limit the risk of negative consequences. Testing the IRP with the necessary stakeholders is often an overlooked step and can be the difference between the IRP being effective or ineffective when put into use during a crisis.

Trick: 54% of Companies do not require vendors to provide proof of cybersecurity as part of their RFPs.

(ACA Compliance Group)

• Treat: Establishing and maintaining a robust vendor management program is a key consideration for mitigating vendor-related risks. This may include the establishment of a vendor risk management policy for onboarding and monitoring vendors, vendor risk ratings, compliance with internal control reports and SLAs, and requirements for the completion of cybersecurity validations. Assigning an “owner” of the vendor management program is also a key differentiator between successful and ineffective vendor risk management functions.

Trick: Software vulnerabilities increased by 20% last year (HackerOne) and 90% of all common vulnerabilities and exposures (CVEs) uncovered could be exploited by attackers without any technical skills.

(Redscan Labs)

• Treat: A formalized patch management program is the best way to help ensure that all information systems are kept up-to-date with the latest security. With a stronger emphasis often placed on patching workstation operating systems, patches to applications, servers, and firewalls are often overlooked and present an easily exploitable vulnerability for attackers.

Trick: Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 and are expected to keep rising.

(Council of Insurance Agents & Brokers)

• Treat: Completing a cybersecurity risk assessment and addressing high-risk gap areas is the best way to lower the soaring costs of cyber liability insurance by showing insurance companies that you take cybersecurity seriously, and lessens your likelihood to be classified as a high-risk, and high-priced policyholder.

How Centri Can Help

At Centri, our IT risk and cybersecurity advisory services are designed with your greatest assets in mind — your people. We’re here to offer you the support, resources, and expertise you need, exactly when you need it most. Our advisory experts work alongside your senior leadership to help understand your current needs and align them with the right solutions. Please contact us for more information or to explore how our expertise in cybersecurity risk management aligns with the specific needs of your company.