Cybersecurity Awareness Month is an internationally recognized campaign held each October to help the public learn more about the importance of cybersecurity. However, year after year, organizations make the same mistakes and ignore the basics, and the underlying numbers do not lie.
Cybercrime costs are expected to grow by 15 percent per year over the next three years. Cybercrime and cyber insecurity are new entrants into the Top 10 rankings of the most severe global risks. In 2018, fewer than one in seven cybercrimes were reported. In some countries, the reported rate was even lower. In 2023, we are still faced with a situation where less than 25 percent of cybercrimes committed globally are reported to law enforcement.
The average cost of a data breach, including lost business, detection and escalation, notification, and post-breach response, was $4.35 million USD in 2022. The global cost of ransomware was predicted to reach $20 billion USD in 2021, up from $325 million USD in 2015. Ransomware damage costs are expected to exceed $265 billion USD annually by 2031. Organizations have also suffered multiple breaches or repeat breaches within the same six-month time period.
These costs and discouraging numbers correlate directly with the lack of basic cyber security hygiene. Using the Center for Internet Security’s (CIS) Implementation Group 1 safeguards, here are the basic cyber security hygiene tasks needing attention from organizations of all sizes.
Many organizations struggle with getting started. We should know by now that security is not a one-time project. Improving an organization’s security maturity, posture, and scoring requires a continuous lifecycle of assess, remediate, validate, and reassess. Planning for security and following a continuous improvement lifecycle brings many benefits, such as shifting from reactive recovery to more preventative and proactive behaviours.
A successful security improvement journey typically starts with an assessment that identifies current posture and security strengths and weaknesses. The gaps to address are then prioritized and planned for based on available budget and resources, and on existing technology and tools that can be leveraged right away. When done correctly, this plan will address basic cyber security hygiene and current gaps while preparing an organization for medium to advanced security safeguards in the future.
If organizations do not focus on basic cyber security hygiene, bad actors and cybercriminals will focus on it for them. The basic safeguards that are ignored or missing are easy pickings and low-hanging fruit for attackers. Most attacks and breaches are simpler to perform than people realize, so let's bring basic cyber security hygiene to the forefront this month and always.