Cyberattacks are a top risk facing businesses

Middle market companies in all industry segments face a similar suite of business risks involving supply chains, employee health and safety, evolving technologies, customer expectations, regulatory requirements and more. But while all these risks demand attention, one critical risk is growing and evolving daily, with the potential to cause serious and lasting financial and reputational disruption and damage without warning: cyberattacks.

Faced with the day-to-day pressures of running profitable businesses, many midsize companies may be unaware of exactly how vulnerable they are to potentially devastating cyberattacks. By one estimate, up to 60% of small companies will be out of business within six months of a successful cyberattack.¹

It’s easy to see why. Companies have adopted digital tools to enhance productivity, decrease speed to market and increase operational efficiency, a growing number of which are now connected through the Internet of Things (IoT). In manufacturing, for example, production equipment is increasingly connected to computers, which in turn may be connected to other computers to share data. Each of these connections represents an “attack surface” that a bad actor might be able to exploit to gain entry to a company’s network. And as new digital tools are integrated into business processes, the attack surfaces presented to cybercriminals may be multiplying.

Potential openings for cyberattacks

• Connections with external partners – No matter how robust your network security may be, third parties such as vendors, suppliers and customers may not have security protocols adequate to prevent bad actors from gaining entry to your network when connected during the normal course of business. Before allowing external parties any level of access to your network, take the time to learn what their security protocols and practices are.
• New production equipment – When new equipment is integrated into the business environment, it usually requires the assimilation of dedicated operational software. If that software has been compromised during the equipment manufacturer’s coding process, you could be inviting malware into your network.
• Wireless connectivity – The expanding use of wireless connectivity — such as wireless printers and other internet-capable devices — can offer additional points of entry for network incursions. While wireless connectivity can add great efficiency, keep in mind that such connections may be no more secure than a public internet connection.
• Wearables – Wearable technology intended to enhance employee safety and health, such as smart watches, fitness trackers, smart glasses and headgear, wearable medical devices, and even smart clothing accessories, can represent another vulnerability.

Ransomware can kidnap your data and network access

For all businesses, ransomware may represent the most insidious and potentially damaging form of cyberattack. Ransomware typically affects critical systems central to a company’s operations, encrypting data, locking out access to authorized employees and threatening deletion if a ransom is not paid by a specified deadline. For cybercriminals, obtaining ransomware is an increasingly lucrative, low-risk activity. Ransomware packages are available on the “dark web” for as little as $50, and so simple to use that even novices can readily infect networks of vulnerable businesses after briefly familiarizing themselves with the malware.

Despite this steadily growing threat, many companies are underprepared for ransomware and other forms of cyberattacks. The National Institute of Standards and Technology (NIST), part of the U.S. Department of Commerce, offers the following advice in the form of five steps toward building a strategy to prepare for and recover from cyberattacks:²

1. Identify

Identifying potential cyber risks in a company’s operations represents stage one of the NIST strategic, five-step approach. This step calls upon corporate risk managers and executive leadership to perform an in-depth threat assessment of all potential cyber risks and network entry points. Calling upon the expertise of external cyber risk professionals would be a prudent investment if the organization does not possess the in-house depth of knowledge to do a comprehensive assessment.

2. Protect

The second step is to develop safeguards for critical business processes and assets. This entails managing employee access, creating firewalls and using other technology-based solutions to detect known strains of ransomware in communication flows, blocking corrupted or malicious traffic. Many reliable cybersecurity programs are available to assist midsize businesses in blocking increasingly sophisticated cyberattacks. In addition, employee cybersecurity training is critical. Many ransomware attacks are initiated through infected email attachments that may be opened inadvertently by employees.

3. Detect

The third step of the NIST strategy is to detect attempted incursions by cybercriminals in real time. This means adopting continuous monitoring solutions to spot anomalous activity as it is happening. A variety of network monitoring vendors are available to offer this service to businesses. If an event is detected, the business needs to work quickly to understand the scale and impact and communicate with the appropriate stakeholders.

4. Respond

No matter how well-trained your staff or level of network monitoring may be, at some point you may be faced with a garish red or blue screen displaying a menacing message that your network and data are now encrypted and will be lost if you do not pay up by a certain date. In preparation for such an event, your company should have a regularly tested response plan in place, including the ability to back up files to a location isolated from your network to eliminate the possibility of infection.

5. Recover

The final step in the NIST framework is to recover. Activate your response plan, including any third-party technical assistance engaged to help you clear the malicious software from your network. Once this is done, upload your backed-up data and ensure that security protocols are in place. A post-event assessment of what went wrong and how the incursion happened will be critical in preventing future attacks.

Build a culture of cyber resilience

Strengthening network security and building a culture of cyber resilience is a team effort that must include everyone within your organization. Inadequate password hygiene, inability to recognize email phishing attempts, failure to update legacy systems and equipment, and other security lapses can result in downtime that affects jobs and customer relationships. Cybersecurity training should be a key component in the onboarding process for new employees and on an ongoing basis for everyone in the organization.

And remember, building cyber resilience begins with a network review and threat assessment of your current framework by experienced cybersecurity consultants. This will include a determination of whether malware may already be embedded in your network and a complete review of all potential points of entry. Once the assessment is completed, a process of ongoing monitoring by cybersecurity professionals, as well as vigilance in updating all operational software, will provide the protection needed in a digital environment growing riskier every day.

For information about Zurich tools and insights designed to help customers build cyber resilience, visit our Cyber Insurance page. 

References

1. Morgan, Steve. “60 percent of Small Companies Close Within 6 Months of Being Hacked.” Cybercrime Magazine. 17 October 2022. 

2. The Five Functions. NIST Security Framework. 16 March 2023.