Cybersecurity: 2022 Look Back. 2023 Look Forward.

By: Raj Patel

January 18, 2023

2022 was a record year with increases in reported cyber breaches and costs to recover from such incidents. In December alone, there were 78 publicly reported incidents with over 31 million records compromised. As cyberattacks continue to escalate, national and local news media are paying more attention and are quick to report these cyber breaches. For small and medium-sized organizations (SMOs), the statistics on the Internet are cause for major concern, including:

  • Top three cyberattacks were ransomware, phishing & malware.
  • 47% of SMOs in the USA have experienced a cyberattack. More than half have experienced more than one attack.
  • 100% of SMOs have experienced multiple phishing attempts.
  • Over 50% of data breaches at SMOs are related to employee errors.
  • Less than half of small businesses carry cyber insurance.
  • 42% of SMOs don’t have a cyber incident response plan.

SMOs are concerned about cybersecurity along with recession/inflation concerns and supply chain issues. With cyber, SMOs expect to see increased attacks and a continued lack of cyber resources to help them. When it comes to attacks, SMOs are most concerned with financially motivated attacks like ransomware and fraudulent payment requests.

[Figure: Which threats are you most concerned about? Source: SonicWall Threat Mindset Survey]

Hackers will continue to increase their focus on financially motivated attacks such as ransomware. There are multiple ways a hacker can launch a ransomware attack. While you can’t defend against all of them, there are a few common ones that you can recognize early. Some simply start with a phishing email that tricks an employee into clicking a malicious link or downloading files with malware. Other times they take advantage of misconfigured systems or a zero-day vulnerability that you have not fixed.

Root Causes of Ransomware Attacks

Phishing

  • Compromise of Login Credentials
  • Download malicious software

Malware

  • Download from emails, internet, USB devices, etc.

Misconfigured Systems

  • Default settings
  • Behind on critical patches
  • Open ports
  • Older software versions
  • Misconfigured backup systems

Zero-Day

  • Exploitation of known vulnerabilities
  • Data theft

An emerging threat in recent years is state-sponsored attacks. Countries hostile to the USA will continue to use cyberattacks to disrupt critical infrastructure and businesses. SMOs will be innocent targets of state-sponsored attacks in 2023.

Another area of concern is attacks on third parties that impact small businesses. For example, an attack on Amazon Web Services or internet carriers, like Xfinity, will impact all SMOs that rely on these services. Similarly, an attack on a key supplier can disrupt operations through a lack of raw materials, parts or products. SMOs will need to brace themselves for increased and more sophisticated attacks in 2023; it is better to be prepared and ready to defend.

“By failing to prepare, you are preparing to fail” – Benjamin Franklin

Ransomware is Everywhere

Many reports point to continued increases in ransomware attacks and payments. In 2021, companies in the USA paid $227,266,604¹ in ransomware payments. By mid-year 2022, companies in the USA had already paid $136,151,195 in ransomware payments. That is a 17% increase in payments from the prior year!

On average, businesses paid $1.5 million to recover from a ransomware attack and it took, on average, one month to fully recover. These amounts should be deeply disturbing for small and medium-sized organizations (SMOs) who lack the financial and technical resources to respond to a ransomware attack.

A new threat emerged in 2022 – Double Extortion Ransomware. Hackers learnt that organizations with effective backup & recovery processes didn’t elect to pay the ransom. With double extortion ransomware, hackers also steal protected data to force the organization to pay the ransom.

¹According to Mid-year Update: 2022 SonicWall Cyber Threat Report.

No one is immune

Hackers don’t discriminate among their targets; they attack businesses of all sizes and types. Companies in Michigan and neighboring states saw attacks across the board, including:

  • Hospitals: While Michigan Medicine took the lead on headlines from their data breach from a phishing attack, there were others including Trinity Health System who suffered a ransomware attack and Wright & Filippis, a provider of prosthetics and orthotics.
  • Schools & Colleges: Some districts in Michigan were closed for a few days from cyberattacks while others paid ransom payments to the hackers. In December 2022, Hope College in Holland, MI was sued and is facing a potential class action lawsuit from the cyber incident.
  • Law Firms: In the American Bar Association’s 2022 Technology Survey to its members, 27% confirmed they had a cybersecurity breach. Law firms in Michigan were also a target.
  • Restaurants: Even restaurants and bars have experienced cyberattacks. In November 2022, the Facebook & Instagram accounts of over 10 Cincinnati restaurants were hacked, credit/debit cards on file were used to buy ad credits, and inappropriate content was published to get the accounts banned for life. It created mass chaos for these restaurants as they rely heavily on social media to reach out to their customers about events and deals, especially during the holiday season.
  • Manufacturers: Cyberattacks occurred on the US subsidiary of a Japanese plastics manufacturer, Sumitomo Bakelite North America, headquartered in Michigan.
  • Not-for-Profit: In October, MiTCON, a company that supports non-profit organizations in the Midland area, suffered from a ransomware attack.
  • Local Airports: In October, a number of airports suffered a Denial-of-Service (DoS) attack. These include Chicago O’Hare, Phoenix, LaGuardia, St. Louis, Georgia, Orlando, Colorado, Los Angeles, and Des Moines. None of the Michigan airports reported any cyber incidents in 2022.
  • Local Government: Both Webster Township and Allegan County experienced ransomware attacks in 2022.

The list above is a small sample of reported attacks. There was no pause in January 2023 and SMOs continue to experience cyberattacks.

Prevention is better than the cure

2022 continued the upward trend in cyberattacks and the average cost per data breach. IBM surveyed over 500 organizations and reported that the average cost of a data breach increased to $4.35 million in 2022. For small and medium-sized organizations (SMOs), a different data point is more important: the average cost per record from a data breach.

The average cost per breached record increased in 2022 to $164. An SMO that lost 10,000 records will incur $1,640,000 in related expenses:

  • Notification costs: Customers and any third parties whose protected information was compromised will need to be notified of the breach. It is common practice to also pay for one year of credit monitoring for them.
  • Cyber forensic expert fees: A thorough investigation will need to be completed on what happened to get a clear picture on how many records were compromised. Cyber consultants will also need to assess your systems to make sure the hackers’ access is completely eradicated. Your insurance provider and federal/state regulators will require you to take this very expensive step.
  • Legal fees: Lawyers will need to be involved throughout the process. There is potential for lawsuits from affected parties that will incur lawyer fees and substantial payouts.

Then, there is potential for loss of business due to the breach. There are non-financial costs such as impact on brand, embarrassment from local news media who are quick to report cyberattacks, etc.

Cybersecurity is a chronic condition

Cybersecurity is like a chronic disease. There is no “one pill” that will prevent it. You must improve all areas of your cyber hygiene (described below) to improve your cyberhealth and reduce the risk or impacts from a cyberattack.

General Safeguards

Provide the understanding of and basis for cyber risks, and the framework to implement to mitigate cyberattacks.

Cyberhealth Evaluation

  • Threats & Vulnerabilities
  • Controls in Place
  • SensCy Score

Cybersecurity Policies

  • Documented Policies
  • Training

Executive Briefings

  • Cyber trends
  • Management / board cyber education

Preventative Safeguards

Prevent or reduce the impacts of cyberattacks.

Education & Awareness

  • Cyber Awareness Training for all employees & students
  • Phishing Exercises

Secure Access

  • Active Directory
  • Administrative Rights
  • Role Based Access
  • Complex Passwords
  • Multi-factor Authentication
  • Cloud Access
  • Personal Devices

Secure Infrastructure

  • Firewall
  • VPN
  • Secure Wi-Fi
  • Endpoint Protection
  • Anti-virus
  • Patches
  • Software Updates
  • Physical Security

Secure Cloud

  • Access
  • Encryption
  • Remote Access
  • Due Diligence

Monitoring Safeguards

Early detection of suspicious activity leading to a cyberattack.

External Vulnerabilities

  • Dark Web Scanning
  • Vulnerability Scans – External
  • Pen Testing

Internal Monitoring

  • Network Activity Log Reviews
  • Intrusion Detection Systems

Alerts

  • Government Agencies
  • Software vendors
  • Cyber communities

Recovery Safeguards

Procedures and practices in place to effectively recover from a cyberattack.

Incident Response Plan

  • Documented cyber-IRP
  • Tested cyber-IRP

Back-up & Recovery

  • Backup Schedule
  • Secure Storage
  • Recovery

Cyber Insurance

  • General
  • Ransomware Insurance

Taking steps beforehand can be critical and mean the difference between your organization’s success or failure when preventing or mitigating the impact from a cyberattack.

Cyber Insurance

In the past, SMOs relied on cyber insurance to help recover from cyber incidents. In 2022, average insurance premiums increased by nearly 25%. In 2023, SMOs should expect cyber insurers to:

  • Increase premiums in 2023 at the time of renewal
  • Include more exclusions and restrictions in the policies
  • Require evidence of implementing effective cyber safeguards to qualify for insurance
  • Require key controls around multi-factor authentication, endpoint security, and encryption
  • Insist on continued compliance with the terms of an insurance policy to approve filed claims
  • Deny claims for attacks by state-sponsored threat actors. The definition of a state-sponsored threat actor is loose today

The biggest fear for SMOs is not being able to get adequate cyber insurance at an affordable price. Therefore, it is important to start early and implement the safeguards discussed earlier in this article.

Help mitigate your risk of a cyberattack – uncover your SensCy Score™

A great tool to help determine your overall cyberhealth is the SensCy Score™.

It’s akin to a credit rating or FICO score in the sense that it gives you a broad estimation of your organization’s cybersecurity. The score is a good indication of your organization’s cyber hygiene and how prepared your organization is against cyber threats. The score considers information from your system, including preparedness, defenses, detection, response, and recovery. The score is on a scale from 0 to 1000. An organization should strive for a score of 800 or more.
