In the digital age, data security attacks are commonplace.
Many businesses face increasingly sophisticated attempts to compromise their digital assets.
Beyond the business and economic consequences, such a breach could seriously damage the reputation of companies that did not do enough to protect their customers' sensitive information, leaving them exposed to attackers.
A recent study conducted by the company NetDiligence stated that over 98% of cyber insurance claims occurred in small and medium enterprises.
From the conclusions of the research it emerged that these businesses do not manage to reduce their information security gaps in the face of increasingly sophisticated attacks.
The complex cost of managing information security in an organization requires expertise and budgets that most small businesses cannot afford.
Where, for example, could there be weak points in the business?
Ayelet Kutner. (Photo: Guy Gilad)
"The dangers that lie in wait for small and medium-sized businesses are changing," explains
Ayelet Kutner
, chief technology officer at the At-Bay cyber insurance company.
"The attackers basically scan the entire Internet with the aim of discovering weaknesses through which they can enter and attack the organization. The common breaches that endanger businesses in most cases come through email, because that's where most businesses manage their main communication, inside and outside the organization."
"In addition, using outdated versions of VPN and antivirus software can one day make the organization an easy target for attackers," Kutner continues and recommends: "Make sure that the solutions you use do meet the security needs of the organization and be sure to update them often. Free web solutions "These will not be enough to give full protection to the organization, and in some cases will even harm it."
What will happen in the event of a hack into the company's systems?
According to Kutner, the two main types of attacks on businesses are impersonation and ransomware.
"In an impersonation event, the attackers take over the email address of a senior figure in the organization, and send messages to employees in his name so that the email and the malicious link in it appear credible. In this way, employees can be made to download spyware (that spies on the user), malicious software (that causes damage to the organization's systems), and ransomware (that takes the the organization's database as collateral and blackmailing it for money in order to get it back), transfer funds to the attacker or provide confidential information of the organization. For all these reasons, it is very important to secure the email layer by configuration or by using a dedicated security service for email," Kutner says.
"In a ransom event, the attackers steal the organization's data and then encrypt the servers. The organization is required to pay a ransom in order to regain access to the information. In many cases, the attackers will also choose to blackmail the organization by threatening to publish the data if the ransom is not paid, and this is what causes many organizations to pay, Even when they have backup on the materials."
According to her, apart from the economic price, in many countries in the US and around the world, every business, small or large, private or public, is obliged to report the theft of user or customer information. It is very important for businesses to protect and insure themselves, since such a report from an external source may lead to a decline significant in the revenues and value of the company.
More in Walla!
10 weeks and you will know how to swim long distances!
At TI we commit to success!
Served on behalf of TI SWIM
What solutions are there for small businesses to guard against the next attack?
"There are many organizational solutions for cyber security, but the prevailing recommendation is to find a holistic solution that will provide a complete technological envelope for cyber incidents, and an insurance protection network in the event of an attack. A technological solution that combines cyber insurance together with protection software managed by a team of information security experts will help small and medium-sized businesses To reduce the ongoing information security gaps in front of the large organizations, and to secure their systems even without huge budgets," Kutner says.
"Such a product actually exactly simulates the activity of the attackers - it scans all the organization's systems with advanced tools and knows how to warn where there are weaknesses that need to be fixed. The complementary envelope in the product is the insurance policy, so that even if the system is hacked, there is someone who will cover the costs."
How is it different from antivirus/VPN/other data security tools?
"Our solution does not replace these solutions, but complements them by looking at the entire organization and constantly performing scans and tests in the organization's systems, in order to map the possible weaknesses and alert them.
We use our own data, collected by continuous monitoring of over 30,000 companies and an in-depth technical examination of hundreds of cyber incidents that our customers have experienced throughout the insurance years. This allows us to give focused feedback on what the points for improvement are and to prioritize them. In addition, we have established a skilled management team that manages the
security The information in the organization for our customers. This is a significant boost for small and medium-sized businesses, which usually do not have such teams on a regular basis. This protective shell insures the organization from damage to the systems and helps maintain the media reputation of the brand."
Marketing and digital
The knowledge bank
Tags
Data Security
Cyber
attack
hackers
Information Systems
reputation