Ransomware has reached new heights with increasing targeted attacks over the past year and a half. There has been a 62% increase in ransomware attacks globally and a 158% spike in North America. And these are only the results of the known and reported cyberattacks. Cybercriminals are using more sophisticated tactics and more dangerous variants. The Colonial Pipeline and the Bruce T. Haddock Water Treatment Plant in Oldsmar, Florida have been the two most recent high-profile ransomware attack targets.
What’s the cost?
Ransomware attacks are difficult to quantify because you have a variety of direct and indirect costs. It will also depend on the magnitude of the attack. Direct costs could include the ransom demands (if the victims choose to pay them) and remediation costs. But there are also indirect costs which we do not always consider. How much downtime has been lost and how much time was taken to restore systems? That is time taken away from the individual(s) daily routine. Has data been lost? Do reports have to be recreated? Has there been any damage done to the city’s reputation? These are just some of the hidden/indirect costs not covered by insurance that the city absorbs.What to watch for and what you can do
2020 brought us a year filled with challenges. Because of COVID-19, employers were forced to create remote workforces and operate with cloud-based platforms. This in turn, created a higher increase in ransomware attacks. Therefore, cities should take a closer look at the cybersecurity industry and ensure best practices are in place.Current industry trends and predictions to watch for in 2021
include:
- The biggest target for cybercriminals is remote workers.
- Cloud breaches will continue to increase.
- The issue of a cybersecurity skills gap will remain.
- With the increase in 5G bandwidth of connected devices, our devices will become more susceptible to cyberattacks.
An action step that cities can take is ensuring that
employees are trained on this topic. NEOGOV offers 14 online training courses
regarding cybersecurity. Some of these include:
- Security Basis
- Preventing Phishing
- Privacy Awareness
- Records Management
- Responsible Use of Social Media
- Security Awareness
Submitted by: Kate Connell, Loss Control Consultant
No comments:
Post a Comment