You may work at a small, local bakery that offers deliveries and wonder “why do I need cybersecurity insurance or pay an outside firm to watch for cyber attacks?” or “why would a hacker want to attack my company? I’m just a baker”. But the reality is that hackers do not care what your company does, as long as you use the internet and collect data (as everyone does), then you are a target.

Real Consequences

Recently, more and more news reports are announcing the latest cyberattacks on multinational companies (think Garmin). Even more recently, school systems have been the most popular target for hackers as school systems have been the slowest to transition to more secure defense systems. For example, Fairfax County School Systems in Virginia faced a major cyberattack that gained access to hundreds of students’ and teachers’ personal information and data. This could lead to an increase in identity theft, providing further repercussions.

The county school system lost the Head of IT, as they stepped down while under scrutiny for not implementing the latest BlackBoard upgrades over the past several years – thereby causing some of the technical issues for students and teachers alike – but had been in the position for more than 20 years. These flaws in the system and the lack of proper cybersecurity defense played a major role in what happened with the school system. As mentioned, you may not think that schools would be targets for cyber attacks, and then again you may think your own company wouldn’t be a target. Until it is.

The Stats

In staggering statistics:

  • 43% of cyber attacks target small businesses
  • A 300% increase in reported cyber attacks occurred since the beginning of WFH orders
  • a cyberattack occurs every 39 seconds
  • 42% of companies get malware/ransomware from e-mails
  • 1 in 13 web requests leads to malware installation
  • The average cost of a ransomware attack on businesses is $133,000
  • 56% of Americans don’t know what steps to take in the event of a data breach.

These are staggering numbers and are a major cause for concern about how we protect ourselves during these unprecedented times.

Hackers Have a Plan

As mentioned, everyone collects data. Hackers like to attack organizations that have weaker cybersecurity protocols in place, and contain plenty of information on their consumers and employees. Once the targeted information is obtained, then a ransom notice is posted regarding the collected data. If the organization agrees to pay said ransom, it could easily cost $500,000 to $10M+ for larger organizations. It’s never guaranteed that the hackers will not extort the money and still sell the data on the black market, but it rarely happens. If the ransom is not paid, and the authorities are not able to retrieve the data quick enough, the hackers will receive the information online and collect payments from cyber crimes for their own dark uses.

Additionally, some hackers have leaked sections of customer information in order to intimidate organizations to pay the ransom fee. This is to indicate that the hackers are very serious about releasing the sensitive data to the dark web. Usually, this occurs after the corporation has taken too long to fulfill the hacker’s request than anticipated. To give in to ransom attacks can be tricky as the government can charge you for complying. Also, by complying you indicate you are a “known payer”, and can be targeted again.

So, if you get targeted with ransomware, remember to never pay the ransom or you could be charged.