12.28.21 – Arkansas Business
The pandemic has brought lots of changes to our world, including drastically accelerated growth for e-commerce.
Globally, the shift to cyber-everything has boosted online sales by $26.7 trillion and led to billions more interactions online through increased video conferences and home-based education. And while the online shift is a small example illustrating how our behaviors have changed, the rapid demand for us all to be present online has also led to a dangerous surge in cyberattacks, data breaches and fraudulent activity targeting individuals and businesses.
We saw a 600% increase in cybersecurity threats during the pandemic, starting early with the threats posed by unsecured video conference platforms and the sudden work-from-home population unsafely accessing corporate networks.
Work-from-home continues to challenge the security of networks, with home networks and internet-connected devices offering new access points for cyber criminals, and businesses should be aware of the potential risks to their networks and trade secrets the work-from-home workforce creates. It’s not just putting in place policies and technology to ensure safe practices at home – many employees see safe practice policies as restrictive and, as a result, it’s incumbent on businesses seeking compliance to teach the risks and potential harm to the business and the employee to ensure adherence to the policies.
As the pandemic continues, our concerns for businesses to protect against network incursions continue, along with newly growing apprehensions about unreliable or improperly enabled cloud services, payment fraud, malicious websites acting like legitimate retailers and seeking to scam consumers, and complicated social engineering campaigns attempting to access consumer data or business networks.
As e-commerce and our digital activities evolve, the threats themselves continue to advance. Remaining up-to-date on the current threats is now a full-time activity for most businesses.
In some ways, it’s a matter of when the threat will occur rather than if the threat will occur. According to McAfee Enterprise, during the pandemic 81% of global organizations experienced increased cybersecurity threats and 79% experienced downtime as a result of a cybersecurity incident. While these incidents can lead to humorous stories of vacuums and doorbells not working as a result of an outage of Amazon cloud services, breaches and outages lead to serious and long-term damages to businesses.
In the first half of 2021 alone, data breaches led to the exposure of 18 billion records, and a recent IBM and Ponemon Institute study says the cost of the average data breach is up to $4.24 million. And for a state that is a hub for supply chain firms, it’s a frightening concern that reportedly 97% of supply chain firms have been impacted by a cybersecurity breach.
But, despite all we know about the risk for cyber threats, data breaches and fraud, Shred-It has reported that approximately 67% of the U.S. small businesses they’ve surveyed do not have cybersecurity incident response plans. When a data breach occurs, the business often finds itself scrambling to get attorneys, tech professionals and remedies in place to figure out what data was taken, who has the data, how to fix it and who needs to be notified. It’s a stressful situation, but having a plan in place ahead of time helps activate the key players to resolve the situation quickly, and in the time potentially required under the law.
With cyber threats and related costs only expected to increase in the coming years (seriously, who thought internet-connected vacuums would be a security risk?), 2022 is a great time to talk with tech professionals and attorneys on how to protect your business.