Cyberthreats are happening more frequently and Hawaii businesses are not immune. During a recent Hawaiian Telcom University educational event, we reviewed local cybersecurity trends and discussed how businesses can better prepare for cyberattacks. Below are the top 10 takeaways from the event.
1. Your business is always a potential target for a cyberattack.
When it comes to cybersecurity measures, many businesses, especially here in Hawaii, often think they are not large or special enough, or that our state is too remote to interest cybercriminals. This is not what the experts are seeing right now. Automated attacks continue to rise year after year. Cybercriminals are not going for quality, but for quantity. They will target as many businesses as they can, regardless of their size or geographical location, looking for weaknesses. Therefore, when it comes to cybersecurity, even doing the basics helps prevent an automated attack.
2. Hawaii cyberattack statistics are alarming.
According to the FBI Internet Crime Complaint Center, in 2020 the total reported victim losses were $13,671,531 in Hawaii alone. There were 1,978 incidents in the state over the course of the year, with $3,168,489 successfully swindled by cybercriminals. It is important to keep these numbers in mind when considering how much risk you need to plan for in your organization.
3. Phishing attacks are becoming more sophisticated.
Business email compromise remains the main gateway to organizations. Cybercriminals use email accounts to gather important information, such as who makes the decisions or whether there are any big transactions coming up. The most likely time for a breach is on weekends and holidays, so businesses should be extra vigilant during these times. There is also a large amount of data being leaked all the time. Cybercriminals do what’s called open-source intelligence gathering, which is collecting information from a publicly available source, such as companies’ social media sites. Armed with this information, cybercriminals are able to contact employees with malicious emails.
4. Distributed Denial of Service (DDoS) attacks are continuously increasing.
Experts are seeing an increase in DDoS attacks, in which cybercriminals block business websites and demand a ransom in return for access. According to Radware’s Quarterly DDoS Attack Report, in the second quarter of 2021, the average blocked volume per customer increased by 40% compared with the same period in 2020. The average attack size in Q2 grew by over 10%. The most targeted industries are technology, health care and finance.
5. Ransomware attacks are evolving.
This year we saw some of the biggest ransomware attacks, such as Colonial Pipeline, JBS and Kaseya VSA. In addition to the victim’s data being encrypted, there are now cases of it being auctioned to the highest bidder if the ransom is not paid.
6. Consider your maturity level before implementing any new security measure.
With the numerous cybersecurity measures available, you need to consider the level of maturity of your business before implementing any new cybersecurity solution. It is important to start with the basics, as illustrated in the Cybersecurity Maturity Model Certification Pyramid.
7. Cyber liability insurance is just a piece of the puzzle.
Cyber liability insurance is not a replacement for good cybersecurity controls. You would not drive your car without a seat belt even if you had full coverage. Insurance is usually just a piece of the puzzle, an addition to basic cybersecurity measures such as getting your maturity model up to a certain level, good logging, patching and monitoring. Virtually every organization needs cyber liability insurance; however, there are a few important things to keep in mind:
>> Insurers are now requiring proof of security controls. They want to ensure businesses are doing their part to avoid cyberattacks.
>> The average insurance premium in Hawaii is $1,519 per year ($1 million coverage and $10,000 deductible). It should be expected that the premiums will rise sharply after a cyberattack.
8. Hiring a cybersecurity specialist is getting harder.
Finding a cybersecurity candidate prior to 2021 was already difficult. Switching to remote work has changed the game. With cyberattacks on the rise, cybersecurity experts are now in high demand. There are more than 500,000 cybersecurity job openings in the U.S. today.
9. Cybersecurity training is transforming.
Instead of training that costs several thousand dollars, “pay what you can” options have become available for some of the introductory training. Some companies are even offering cybersecurity training for free. This training model is making it easier for those considering cybersecurity as a career to pursue their vocation.
10. Actions you can take to protect your business from cybercriminals.
Certain practices have proved to be effective against cyberattacks. Here is a list of some actions you can take:
>> Disable Remote Desktop Protocol (RDP) to the internet.
>> Test your backups. Follow the 3-2-1 concept: have three copies, two on-site and one off-site.
>> Establish a regular patching cycle.
>> Install effective email filtering.
>> Vet third parties.
If you want to find out more about the information presented at the Hawaiian Telcom University event, you can watch the recording of all three cybersecurity sessions at bit.ly/30ZnwGE.
———
Evan Horton is a senior manager of network services operations for Hawaiian Telcom. You can reach him at evan.horton@hawaiiantel.com.