Posts

As we look back on 2023, the surge in cyber attacks has emerged as a formidable challenge, particularly for small and medium-sized businesses (SMBs). With limited resources and often less sophisticated security measures, SMBs have become attractive targets for cybercriminals. Recent statistics reveal a concerning trend: as of 2021, a staggering 61% of SMBs have been the target of a cyberattack, and alarmingly, 46% of all cyber breaches have impacted businesses with fewer than 1,000 employees. This underscores a critical need for SMBs to recognize and respond to the heightened risks they face. 

On average, these incidents cost SMBs an alarming $25,000, a significant financial strain that can jeopardize their survival. The rise in cybercrime is not just a statistic; it’s a call for SMBs to fortify their digital defenses.


Understanding the Current Cybersecurity Landscape 

Common Types of Cyber Attacks: Among the myriad of cyber threats, certain types are more prevalent in targeting SMBs. Malware, especially, stands out, with 18% of attacks on small businesses being malware-related. This category includes ransomware, a particularly destructive type of malware that has seen a 93% year-over-year increase in attacks. These attacks not only disrupt operations but also come with hefty recovery costs and ransom demands. 

The Financial Burden: The financial implications of these attacks are substantial. The average cost of a data breach for SMBs has escalated to $4.35 million, the highest on record, and the recovery from a ransomware attack can cost nearly $2 million. For SMBs, these figures represent not just a financial setback but a potential threat to their very existence. 

The Prolonged Response Time: Another critical aspect of the current landscape is the time it takes to identify and contain a breach. On average, it took about 277 days, approximately nine months, to identify and contain a breach in 2022. This prolonged response time can exacerbate the damage caused by a breach, both financially and in terms of customer trust. 

The Role of Human Error: It’s important to note that human error plays a significant role in the vulnerability of SMBs to cyber attacks. A significant portion of breaches, 43%, involve insider threats, either intentional or unintentional. Additionally, the fact that 94% of malware is delivered via email highlights the need for continuous employee education and vigilant email security practices . 

The Impact of Remote Work: The shift to remote work has introduced additional complexities. Remote work not only increases the attack surface for cybercriminals but also leads to higher costs per breach. Distractions at home contribute to employees falling prey to phishing scams, and breaches in remote work settings take longer to contain. 

The cybersecurity landscape for SMBs is characterized by a high frequency of targeted attacks, significant financial implications, and extended breach identification times. These challenges are compounded by factors such as human error and the increasing prevalence of remote work. Understanding these dynamics is the first step for SMBs in developing a strong cybersecurity strategy that can withstand the rising tide of cyber threats.

The Impact of Cyber Attacks on SMBs 

Cyber attacks on small and medium-sized businesses (SMBs) have wide-ranging and serious consequences, extending beyond immediate financial losses: 

  • Financial Strain: The average cost of a data breach for SMBs is around $4.35 million, and recovering from a ransomware attack can cost nearly $2 million. These costs can significantly strain an SMB’s finances, sometimes leading to bankruptcy. 
  • Operational Disruptions: Cyber attacks can cause extended operational downtimes due to the average breach detection and containment time of 277 days. This downtime disrupts business continuity, affects productivity, and can result in the loss of clients. 
  • Reputational Damage: A security breach can severely damage an SMB’s reputation, leading to a loss of customer trust and potentially long-term business relationships. 
  • Legal and Regulatory Consequences: Breaches can lead to legal and regulatory issues, especially if sensitive customer data is compromised, attracting fines and legal actions. 
  • Psychological Impact: The stress and anxiety associated with a cyber attack affect both business owners and employees, impacting morale and job security. 
  • Strategic Setbacks: Resources diverted to manage and recover from an attack can delay or cancel business growth or innovation initiatives. 
  • Increased Cybersecurity Costs: Post-attack, businesses often face increased spending on cybersecurity measures, adding to financial burdens. 

The multifaceted impact of cyber attacks underscores the necessity for SMBs to prioritize robust cybersecurity measures to safeguard their operations, finances, and reputation. 

Key Vulnerabilities in SMBs 

Small and medium-sized businesses (SMBs) face several cybersecurity vulnerabilities: 

  • Limited Resources: Often lack sufficient financial and human resources for comprehensive cybersecurity. 
  • Employee Training Gaps: Insufficient cybersecurity training for employees, leading to vulnerabilities, especially with email-based malware threats . 
  • Outdated Technology: Use of outdated hardware and software, increasing susceptibility to breaches. 
  • Inadequate Access Control: Often lack effective access management, heightening the risk of insider threats . 
  • No Incident Response Plan: Many SMBs lack a defined plan for responding to security incidents, leading to exacerbated damages. 
  • Underestimation of Threats: A tendency to underestimate the cyber threat landscape, resulting in a reactive approach. 
  • Remote Work Challenges: Increased remote work expands the attack surface and complicates breach containment. 

Addressing these vulnerabilities is essential for SMBs to strengthen their cybersecurity defenses against evolving threats. 

Strategies for Enhanced Cybersecurity 

  1. Regular Updates and Patch Management: Ensure devices are configured for automatic updates and regularly check for installed updates. 
  2. Strong Password Policies: Implement policies for complex, unique passwords, and encourage using password managers. 
  3. Access Control & Multi-Factor Authentication: Employ strong access control and multi-factor authentication to prevent unauthorized access. 
  4. Data Backup and Recovery: Maintain reliable data backups and test backup procedures regularly, especially against ransomware threats. 
  5. Firewall and Endpoint Detection: Implement firewall security and endpoint detection systems to block suspicious traffic and identify unusual activities. 
  6. Data Encryption: Encrypt sensitive data both at rest and in transit. 
  7. Regular Security Audits: Conduct audits to evaluate cybersecurity controls and address vulnerabilities. 
  8. Incident Response Plan: Develop and regularly rehearse a detailed incident response plan. 
  9. Employee Education and Awareness: Train employees on cybersecurity best practices, including recognizing phishing attempts. 

Professional Cybersecurity Solutions 

Consider solutions like CoreArmor and CoreComply, which provide advanced threat detection, managed security services, and strategic planning tailored to SMB needs. CoreArmor, for example, bundles essential cybersecurity services into a comprehensive package, covering real-time monitoring, incident response, penetration testing, vulnerability scanning, and user awareness training. While CoreComply, strengthens compliance operations, aligning them with business processes and helping to identify and close gaps in current practices. 

Implementing these strategies and leveraging professional solutions like CoreArmor and CoreComply can significantly enhance an SMB’s cybersecurity posture, protecting against a broad spectrum of cyber threats and vulnerabilities. 

What You Can Do

In the face of evolving cyber threats, small and medium-sized businesses must prioritize robust cybersecurity. Coretelligent offers tailored solutions like CoreArmor and CoreComply, blending advanced threat detection, strategic planning, and compliance management. Protect your business with our comprehensive cybersecurity services. 

If you’re interested in learning what you can do to fortify your business’s defenses, watch our recent webinar, where we bring together a panel of experts, including an FBI special agent that that works on cybercrime cases, a cyber insurance specialist, and our very own team as they dive into trends, tips, and valuable insights you can use to understand the various threats at play.  

 

Cyber attacks are becoming increasingly common, and cybercriminals see small to medium-sized businesses as prime targets. The devastating consequences of a cyber attack can be long-lasting and far-reaching, as demonstrated by the chilling story of Expeditors, a logistics company that fell victim to a ransomware attack in 2022 and discovered the true cost of cyber attacks.

[ez-toc]

cost of cyber attacks

The Immediate Effects of Expeditors’ Cyber Attack

The ransomware that hit Expeditors left their data and infrastructure at risk, forcing them to halt operations. The immediate effects of the attack were catastrophic, resulting in $47 million in lost revenue, overages, and payouts to customers. Additionally, the company spent $18 million on remediation and recovery efforts, further impacting its bottom line.

Ongoing Impacts: The 2023 iRobot Lawsuit

The fallout from the cyber attack didn’t end with the initial shutdown. In February 2022, Expeditors CIO Christopher J. McClincy said, “The cyber-attack limited our ability to arrange shipments or manage customs and distribution activities, or to perform certain accounting functions, for approximately three weeks after the attack.” Later in the statement, he added, “We continue to navigate residual effects.”

Then in 2023, the company was hit with a lawsuit from iRobot, one of their biggest customers. The lawsuit claims “Expeditors’ own inattentiveness and negligence exposed its systems to attack, and Expeditors lacked and/or failed to implement the necessary business continuity plan to ensure that it could continue providing services to iRobot.”

This legal action added to the ongoing financial impact faced by the company and reignited news stories about the attack—likely impacting the company’s reputation with potential clients, current clients, partners, investors, and other stakeholders.

What’s Your Risk Exposure?

The story of Expeditors should serve as a stark example of the increasing threat that cyber attacks pose to all businesses, but especially to small and mid-sized companies. According to a recent report, 47% of all U.S. businesses suffered some kind of cyber attack in 2022. At the same time, another report found that companies with less than 1,000 employees are three times as likely to be the target of a cyber attack as larger businesses like Expeditors.

Cybersecurity experts say that it’s not if a company will be a target, but when. In fact, a study of penetration testing results found that cybercriminals can penetrate 93 percent of company networks.

Invest in Proactive Measures

Small to medium-sized businesses are seen as easy targets by criminals since they often invest less in cybersecurity and lack security expertise. Cybercriminals understand this and take advantage of these weaknesses, using techniques like phishing, malware, ransomware, and other malicious tactics to gain access to sensitive data or disrupt operations. As a result, it is essential for businesses to invest in robust cybersecurity solutions that can help protect them from cyberattacks.

However, according to the Cyberspace Solarium Commission, many “cybersecurity budgets at U.S. organizations are increasing linearly or flat” when they should be growing in response to the exponential growth of cyber threats.

Best Practices to Mitigate the Risk from Cyber Attacks

Investing in multi-layered cybersecurity is the surest way to keep you and your company out of the headlines. By implementing cybersecurity solutions utilizing best practices, businesses can significantly reduce the likelihood and severity of a cyber incident.

Some key strategies include:

  1. Investing in robust security solutions: Deploying firewalls, real-time monitoring, and intrusion detection systems can help identify and prevent unauthorized access to your network and data.
  2. Regularly updating and patching systems: Keeping software and systems up to date ensures protection against known vulnerabilities, making it more difficult for cyber criminals to exploit your systems.
  3. Implementing strong access controls: Restricting access to sensitive data and systems through multi-factor authentication and the principle of least privilege minimizes the risk of unauthorized access.
  4. Educating employees on cybersecurity best practices: Regular training on topics such as recognizing phishing emails and creating strong passwords can reduce the risk of employees inadvertently compromising your network.
  5. Developing a comprehensive incident response plan: A well-defined incident response plan outlines the steps to be taken during a breach, including containing the incident, assessing the damage, and recovering from the attack.

By learning from the Expeditors case study and prioritizing cybersecurity, businesses can better protect themselves from the devastating consequences of cyber attacks and ensure long-term success. Protect your business from cyber threats with a comprehensive security risk assessment that can help identify any areas of vulnerability and provide guidance on best practices to shield your organization.

disaster recovery as a service

Disaster Recovery as a Service (DRaaS)

The modern business runs on IT and data. Both underpin every business function and act as revenue generators. But as IT becomes more valuable to your organization, protecting your investment with backup and disaster recovery solutions like Disaster Recovery as a Service (DRaaS) becomes even more critical.

What is DRaaS?

Disaster Recovery as a Service is a flexible and robust cloud computing backup solution delivered with the ease of Software as a Service (SaaS). The SaaS approach means organizations have a reliable and flexible backup solution without the hassle of owning, maintaining, and managing those resources. Brien Posey sums it up best in Conversational Disaster Recovery as a Service, co-sponsored by Veeam, “DRaaS is essentially a subscription-based disaster recovery service.”

DRaaS differs from a traditional backup solution that merely creates a copy of an organization’s data. With DRaaS, in the event of a disruption, an organization can simply switch over operations to the cloud allowing for business continuity.

The best disaster recovery (DR) services and DRaaS providers make it simple and easy to maintain business continuity and ensure data loss prevention via file syncing for your systems. However, as business data can often be fragmented between different systems, applications, and IT infrastructure, extra attention to detail is required to prevent data loss and ensure operational continuity.

Even the most severe failure can result in minimal disruption if you have good continuity and recovery planning. DRaaS providers work with the most complex data sets, often within native or hybrid clouds, to ensure business continuity in the event of loss or failure of data and critical systems.

Expect the Unexpected

DRaaS can help protect your business from any number of threats, including:

  • Severe Weather

Because DRaaS is a cloud-based solution, you’ll be able to access your data from any location with an internet connection. If a natural disaster makes your office unusable,  your business can continue remotely.

  • Cybersecurity Threats

Data breaches are a major concern for businesses, and DR and DRaaS can help protect against them. Malware and ransomware are a particularly dangerous and prevalent threat, but human error and natural disasters can just as easily disrupt applications, workflows, and revenue production.

  • WFH Security

As remote working has become a regular part of business, DRaaS is powerful and flexible enough to handle the demands of the modern workplace.

The Importance of SLAs in DRaaS

The key element to any DR plan is will it work when needed. Best practices indicate that DR plans be tested every six months. Without that testing, there is no assurance that your organization can recover from an event. An experienced and comprehensive DRaaS provider will assist with DR testing and offer guarantees of successful testing along with solid service level agreements (SLAs) to back up their DR capabilities.

An SLA should clearly document the recovery plan’s RTO and RPO. A Recovery Time Objective (RTO) is the time that elapses between an incident and the resumption of critical business processes. A Recovery Point Objective (RPO) defines how much data it can afford to lose measured in time. These are essential metrics for any DR plan, and the SLA should be clear about how the DRaaS provider will ensure these standards.

How DRaaS Provides Ransomware Protection

With the rise of ransomware, businesses must implement a bifurcated cybersecurity model to ensure long-term resiliency. The first branch comprises a business’s security program to prevent cyber incidents. At the same time, the second branch consists of all company preparations for recovery if the cybersecurity program fails. Both must receive equal care and attention in their planning and execution.

DRaaS falls into the second branch. DRaaS can help recover from a cyber event quickly, including ransomware. When paired with Backup as a Service (BaaS), which focuses on preserving data, DRaaS can offer fast recovery for parts of the IT ecosystem that haven’t yet been affected by malware or ransomware.

Additional Benefits of DRaaS

  • DRaaS can free your internal IT team to focus on core operations and innovation.
  • In business, time is money, and DRaaS can shorten your recovery time in the event of a disruption.
  • DRaaS solutions are more cost-effective than fully in-house disaster recovery programs.
  • Since DRaaS is a cloud-based solution, you can run your business from anywhere–even in the event of a natural disaster.
  • By choosing a DRaaS provider, you benefit from their years of experience and knowhow. This assistance can help your company avoid costly DR planning, testing, and execution mistakes.

DRaaS: Reliability is the Goal

A good disaster recovery plan should ensure the data protection and continuity of your business, no matter the type of disruption. This planning requires both due diligence and dialogue with all stakeholders to ensure that nothing is overlooked.

In searching for a DRaaS provider, an excellent first step is connecting with trusted peers to inquire about their solutions, ask what lessons they have learned, and seek out recommendations for managed DRaaS vendors.

After gathering information from vendors, compare their expertise, benefits, and results. Most importantly, talk to your business’s leadership about disaster recovery. It’s a business decision, not one for IT alone.


About Chris

As Chief Technology Officer at Coretelligent, Chris Messer is a transformational and strategic IT leader who establishes and leads Coretelligent’s technical vision and technological development. Click here to learn more about Chris.

 

Business Resiliency and Disaster Recovery (DR) are critical for any organization, but these activities are particularly vital for financial services firms.

Sensitive data and compliance requirements create additional pressures to safeguard systems and ensure data recoverability.

Furthermore, the reputational damage caused by data loss or an extended outage can be catastrophic.

In today’s uncertain atmosphere, it’s important to note that a disaster can come in many forms — such as a company that is suddenly under quarantine that doesn’t have the infrastructure in place to support remote operations.

Taking the following steps can help assure operational continuity and data protection.

If your firm does not currently have an experienced internal IT team, a trusted managed IT provider should be engaged to provide guidance.

1. Establish a Business Continuity Plan (BCP):

  • Meet and collaborate with leadership from all teams to identify and document critical data, systems, and applications.
  • Perform a risk assessment of this list. Identify any potential internal and external threats, the likelihood of each, and the severity of impact.
  • Classify data and applications according to criticality.
  • Consult with business line managers to define recovery objectives for each classification.
  • Identify and document any compliance requirements for data backups and disaster recovery (DR).
  • Include considerations for potential scenarios including but not limited to office closures and quarantines.
  • Determine the appropriate tools and processes to meet the identified requirements.
  • Select at least one Point of Contact (PoC) and secondary contacts to execute and oversee the BCP in a disaster scenario.
  • Include names and contact details for all BCP team members.
  • Document and communicate the plan. Ensure that all stakeholders and dependent personnel are informed of the BCP and have access to it.

2. Test Your Business Continuity Plan

  • Review the results from the last test. Confirm gaps have been remedied.
  • Perform a walkthrough with your BCP team, IT provider, and cyber/risk consultants to ensure everyone is clear on their role and the plan as a whole.
  • Execute the plan and document any newly discovered gaps, challenges, and improvements.
  • Make relevant adjustments, if needed.

3. Validate Vendor Readiness

  • Verify the ability of critical service providers to support your business during a disruption.
  • If a service provider is not prepared, consider an alternative vendor or work with them to see how you can assist.
  • Develop alternative processes (e.g., manual or in-house) to ensure the continuation of critical business operations.

4. Ensure Remote Access Capabilities for Essential Personnel

  • Provision laptop computers for personnel who are essential to business operations.
  • Require employees to carry laptop computers home each day.
  • Confirm remote access solutions like VPN or VDI are operational and that personnel are trained in usage.
  • Test employees’ ability to work remotely (e.g., rotate staff to work remotely on selected days during the week to identify issues proactively in anticipation of a facility closure or quarantine order).

5. Conduct Training

  • Conduct a webcast or to review the BCP with your entire organization.
  • Ensure BCP team members understand roles and responsibilities during a business disruption.
  • Conduct tabletop exercises in preparation for office closures, quarantines, and health emergencies as well as public transportation and critical service provider disruptions.
  • Ensure employees understand how to work remotely and who to contact regarding access issues.

By following the above steps your firm will be prepared for business disruption and will be positioned to minimize the impact.

If you or your firm needs any assistance with developing a business continuity plan, IT strategy, cybersecurity solutions or compliance reporting, Coretelligent is here to help.

Contact our team of experts at 855-841-5888 or via email to info@coretelligent.com to schedule your complimentary initial consultation

Financial Services Vulnerabilities

Financial services institutions have long been a top target for cyber threats. Access to a large amount of sensitive and confidential information makes the financial sector a target-rich environment for cyberattacks. In addition to mitigating cybersecurity threats, financial firms must also prioritize maintaining and strengthening compliance. These balance of these two priorities presents a unique set of challenges for companies in financial services.

With the inherent diversity of the financial services sector and the shifting cybersecurity and compliance landscape, identifying a one-size-fits-all set of vulnerabilities for all financial services institutions is impossible. However, there are common vulnerabilities to be aware of.

  • Reactively Evaluating Current Cybersecurity Posture:

    Institutions cannot address cybersecurity and compliance vulnerabilities of which they are unaware. Moreover, leaving these vulnerabilities unaddressed can have costly consequences. If unaddressed until an incident occurs, institutions have no choice but to utilize a reactive approach that can leave the business facing outages and shaken customer confidence. Instead, financial service firms should consider taking a proactive approach. By utilizing Coretelligent’s Cybersecurity Evaluation Checklist designed for financial services as a jumping-off point, financial service firms can do an initial assessment of existing vulnerabilities to discuss with a managed service provider (MSP).

  • Ransomware Attacks:

    As the world continues to become more digitally integrated, opportunities for ransomware attacks grow exponentially. In a ransomware attack, attackers use malware to gain access to your organization’s systems or data and hold that data until a ransom is paid by the organization. The results of these attacks are devastating. In addition to the price of the ransom, there are legal fees and other costs associated with damage control, as well as potential loss of data.

  • Access Vulnerability:

    Flaws in various levels of access to information can leave sensitive data exposed and vulnerable for attackers. Cybersecurity integration is key across all divisions and at all levels of access in an organization. Cybercriminals will seek to exploit any weaknesses identified at any level, regardless of the internal structure of the business.

  • Managing Compliance:

    The evolution of information technology has increased the compliance burden on the financial services industry. Financial service organizations are amongst the most regulated business segments in the U.S. However, simply maintaining compliance may no longer be enough. Instead, actively managing compliance risk and strengthening compliance overall is key in earning customer confidence and avoiding costly penalties.

  • Business Continuity:

    What comes next if the worst happens and a cyberattack hits your company? Is your data backed up safely? How quickly would you be able to restore access to users? A proactive and dynamic backup and disaster recovery solution is critical for preventing business interruption and loss of essential data, which could trigger a compliance violation. Off-the-shelf, onsite backup solutions often do not provide the level of performance required to meet the needs of financial and investment organizations. It is vital to establish a solution before an outage to ensure timely recovery and minimize interruption time for clients.

Addressing security and compliance vulnerabilities may seem challenging, but Coretelligent can help. Working with Coretelligent means working with an IT partner who understands both the security and compliance needs of the financial services sector. Contact us today at 855-841-5888 or fill out our online form.

FINRA Rule 4370

FINRA Rule 4370

The Financial Industry Regulatory Authority (FINRA) recently announced the completion of the review process for FINRA Rule 4370 and upholds the Rule as it currently stands. The agency put the Business Continuity Plan (BCP) Rule 4370 into place to ensure continuity of operations for broker-dealer firms following a disruption or disaster. FINRA based its decision to keep 4370 intact on the recently completed BCP Rule and Pandemic Review, both of which highlight the benefits of the Rule.

The FINRA BCP Rule requires broker-dealers to maintain continuity plans designed to ensure their ability to resume business operations after an interruption or in the event of a disaster. Regulatory Notice 21-44 provides clarification of FINRA’s compliance obligations for broker-dealers waiting to see where the agency would land regarding updating or maintaining the Rule.

Background on Rule 4370

In early 2019, announced a review of the Rule to determine its effectiveness and viability. In addition, the agency considered the costs, risks, and benefits associated with developing, maintaining, and implementing BCPs against not utilizing them.

According to FINRA’s announcement, stakeholders reported that Rule 4370 was working as intended. FINRA observed that the Rule’s “flexible, non-prescriptive, and risk-based approach has been effective in ensuring firms of all sizes are prepared for potential business disruptions.”

Additionally, during the early stages of the pandemic, FINRA also published Regulatory Notice 20-08, which recommended that member firms review their plans for pandemic preparedness.

What Does This Mean For Your Firm?

FINRA has made it clear that firms should continue developing and maintaining plans according to Rule 4370. However, the agency will not be providing specific guidance; firms are on their own when it comes to fulfilling the requirements for compliance.

What Are the Next Steps?

New and established brokerage firms will need to evaluate their status regarding Rule 4370 to guarantee compliance and that they are operating with an effective BCP. However, a BCP alone is not enough to ensure continuity.

For firms looking to assess their disaster readiness and compliance, there are six critical components of a BCP that will be there when you need it.

    1. Establish or Evaluate Existing BCP
    2. Test BCP
    3. Validate Vendor Readiness to Support BCP
    4. Ensure Remote Access for Essential Personnel
    5. Educate Personnel and Conduct Training
    6. Routinely Repeat this Process

By following these steps, your firm will be prepared for potential business disruptions and remain compliant. Of course, there is more involved in each of these steps. For more granularity, read our post, Business Continuity Checklist for Financial Services Firms, which outlines just how to assure operational continuity and data protection.

Coretelligent is here to help your firm navigate the details in developing and maintaining a business continuity plan. We can also assist with incorporating it into your IT strategy, cybersecurity solutions, and compliance reporting. As an MSP with considerable experience within the financial services industry, Coretelligent understands the regulatory imperatives required of you and your business. That is one of the main benefits of working with an IT partner with deep industry knowledge and expertise.

Reach out and we will work with your IT and compliance teams to review your BCP and develop a roadmap to make sure your firm is secure.