by Sarah Hamlat
06/10/2022 · 4-minute read
Staying up to date with the evolving threat landscape is essential for both preventing cyberattacks and maintaining resilience, especially with the increase in the number of employees working remotely.
Cyberattacks can have significant impacts on organizations in key areas, including:
Ransomware: According to a recent survey from Marsh and Microsoft, 33% of MEA respondents consider ransomware their top cyber threat. Ransomware is a type of malware that uses encryption to prevent users from accessing their system until a ransom is paid.
Many organizations, both globally and in the MEA region, feel that they are inadequately prepared to combat this threat. In fact, ransomware has become so pervasive that ransomware-as-a-service (RaaS) is sold to would-be cyber attackers, in much the same way that software-as-a-service (SaaS) is legitimately sold. RaaS enables attackers who may lack the time or skill to develop their own ransomware to infect organizations with ease.
As 62% of MEA respondents believe that a lack of assessment of their vulnerabilities to ransomware contributes to attacks, it is crucial for companies to take steps to better prepare themselves.
Social engineering: Home and remote work, which generally increased during the COVID-19 pandemic, is considered by 71% of MEA respondents to put their organization most at risk of a cyberattack, as it may lead to increased phishing and social engineering attacks. By using disguised emails that seem to come from a reputable source, attackers can trick recipients into downloading malware — such as ransomware — or giving up important information, including login credentials, financial information, or company data.
Ultimately, successful phishing or social engineering attempts can lead to privacy breaches, business interruption, and financial losses. Phishing is often successful due to insufficient employee training and awareness.
Third-party vulnerabilities: Data breaches may also come from compromised third-party vendors and suppliers. It is critical for companies to assess the full scope of their third-party relationships and take effective cybersecurity measures to mitigate the risks.
Preventing cyberattacks and maintaining resilience requires enterprise-wide participation, as every employee is a link in your security chain. Employees should be aware of measures such as the 12 key cyber controls, which many underwriters look for as signs of effective cyber risk management.
To help increase cyber resilience, department leaders, including those in risk and insurance, finance, and IT and cybersecurity, can take steps including:
C-suite executives can take steps including:
Being unaware of your organization’s cyber risks increases the chances that it and your employees will fall prey to specific attacks. By increasing your understanding of the top cyber threats facing your company, constantly monitoring and assessing your cyber risks, and engaging in regular training, you can help decrease the chance that your company will be sidelined by a cyberattack.