Covid-19 forced organizations to evolve their business models overnight. The demand for digital infrastructure has skyrocketed and industries are seeing large-scale adoption of work from home.
Unauthorized software, unsecured devices, stressed and distracted workers have expanded the attack surface and left businesses exposed to many cyber risks. Per a recent FBI report, cybercrime has almost quadrupled amidst the pandemic. Cyber predators are preying on COVID-19 fears as they create thousands of fake internet domains, fraudulent coronavirus-related charities, bogus companies offering loans, masks and other equipment.
As the world gravitates towards hyperconnectivity, it is estimated that in the next three years, the direct financial impact resulting from attacks on cyber-physical systems alone will cost businesses a whopping $50 billion. This number could be significantly higher if other indirect costs are added to the equation such as compensation, litigation, insurance, regulatory fines and reputational loss.
On the demand side, consumers are signaling a lower tolerance for breaches with 40% of them blaming CEOs personally for cybersecurity lapses. Not to mention a regulatory framework that is ever-changing, becoming more stringent and demanding. Gartner predicts that by 2024, 75% of CEOs will be held personally accountable for cyberattacks that lead to injury and other physical damage.
Plenty of evidence suggests that cyber risks are of greater concern to CEOs with each passing year. Here are the five top cybersecurity incidents that worry CEOs the most:
Ransomware is one of the most significant business threats facing CEOs, causing a great deal of concern. It is estimated that ransomware may have cost U.S. businesses more than $7.5 billion in 2019. Recent reports suggest that ransomware attacks grew 72% this year due to the chaos surrounding the pandemic. In a survey from earlier this year, CEOs indicated ransomware was their biggest worry ahead of fire and floods.
Phishing attacks are one of the most common security challenges that businesses face every day. According to experts, 90% of all cyberattacks start with a phishing email. The world has seen a staggering 6000% increase in phishing attacks since Covid-19. Google claims to have blocked more than 18 million coronavirus scam emails every day.
Cloud security challenges:
Post COVID-19, many businesses are increasingly relying on cloud infrastructure to navigate the challenges of remote working and enabling business continuity. As these organizations begin to flock to the cloud, they are faced with a new daunting challenge: security. It is estimated that attacks on the public and the enterprise cloud grew by almost 600% in recent times, making cloud security another top concern. Other reasons attributed to cloud security challenges are security misconfigurations either due to a lack of awareness or the rush to move to the cloud, negligent behavior and vulnerabilities. While cloud providers are responsible for maintaining servers, organizations are responsible for their own data security.
Social media scams:
Scammers use social media to get information about individuals and businesses and often impersonate legitimate friends, family members, charities, public institutions and government. Once they gain your trust, they can ask employees for private information or maneuver them into clicking on a malware-laden URL, making a donation or giving them access to business resources. Twitter accounts of famous CEOs were hacked in an attempt to con followers in a cryptocurrency scam. Several high-profile CEOs have also reportedly quit social media over security concerns.
CEO fraud or business email compromise (BEC), is a variant of the phishing attack and is known to have cost businesses billions of dollars in the first half of 2020. Using this technique, cybercriminals spoof company email accounts and impersonate executives to try and fool an employee. The FBI issued a warning highlighting an increase in BEC frauds. Since March of this year, it’s been estimated that almost 7,000 CEOs have been impersonated.
Cybersecurity is a CEO challenge that cannot be ignored. Just as financial statements are blessed by the CFO, a CEO must actively engage in cybersecurity conversations and ensure cyber risks are monitored at all times. CEOs must build a tight security ship by onboarding the right talent even if that means taking a stopgap measure by using a virtual CISO who comes with experience. It’s a lot to manage but if you invest in resources that can foster the right security culture and mindset, you’ll help build a cyber-resilient organization.