The transition to remote work has given cybercriminals more ammunition to go after organizations, and many were not prepared, said Christopher Hartley, director of cybersecurity at Sikich.
According to Sikich’s 2020 Manufacturing & Distribution Report, only 40% of respondents had cyber security controls in place and half of those respondents had experienced some level of cyber security incidents that impacted their business, Hartley said.
“The attacks haven’t changed,” he said. “But the success rates of these attacks have gone up because of the workplace shift."
Many of these attacks are ransomware and phishing attacks, Hartley said. This is when the cybercriminal tries to gain access into an organization by getting someone within to open a link. Often the hacker is posing as someone else within the organization to do so.
To combat these schemes, Hartley recommends providing employee training on good security practices to raise awareness on what these attacks look like. In addition, Hartley also emphasizes the importance in investing in cybersecurity.
“I define cybersecurity as the technologies, processes and practices that are designed to protect organizational networks, devices, programs and data from attacks, damage due to those attacks and any type of unauthorized access to an organizations environment,” he said.
Addressing all those facets requires an investment of time and money.
“Spending X amount of an IT budget to address cybersecurity within an organization can help reduce that risk of exposure that is out there today.”
It comes down to training awareness and getting the word out, Hartley said.
“But you do need to spend some dollars and invest it to protect yourself.”
As for the future, Hartley said cybersecurity should be viewed as a way to help drive business and not be seen merely as insurance.
“I would expect over the course of the next twelve months that a lot more organizations will take it more seriously,” he said.