Cyber Security: The Most Significant Threat to US Organizations

 Due to various new and growing cybersecurity threats to US companies, businesses, especially SMEs and SMBs, need to reassess their stance towards cybersecurity. This paper discusses why SMB/SMEs make attractive targets for threat actors and the best practices for US enterprises to safeguard their valuable digital assets.

A significant risk that US organizations face is cybersecurity. As organizations adjust to a new operating paradigm with the rapid adoption of hybrid workplaces and a virtual workforce, cybersecurity concerns are rising with severe consequences for reputation, operations, and compliance. Smaller businesses, especially, are easier targets because they lack adequate security measures to safeguard their digital assets and educate their virtual workforce. In addition, their lackadaisical attitude toward data security is a driving force for cyberattacks. Moving forward, SMEs and SMBs must identify the most significant threats to their businesses in 2022 if they are to prevent severe threats such as the permanent closure of their organizations, as demonstrated by the 2019 ransomware attack at Wood Ranch Medical in California.

(Image source - Pixabay.com)

The Current State of Cyber Security in the US: Statistics at a Glance

Even with the best security systems, every organization is vulnerable to cyberattacks. People continue to put their sensitive information, operations, and system security at risk regardless of developments in technology, cybersecurity systems, and data protection standards and regulations. This is one of the reason, the global cybersecurity segment is predicted to be worth upwards of $200 billion in 2022. According to Statista, the cybersecurity market would expand to $345.4 billion by 2026 due to increased exposure and expenditure in cybersecurity architecture worldwide.


Size of the cybersecurity market worldwide from 2021 to 2026 (in billion US dollars)

(Source: Statista.com)


It is known that over 40% of cyberattacks target SMBs and SMEs. The threats 2022 can expect to be rampant are the following:



Why are SMEs and SMBs Tempting Targets of Cyber Adversaries?

While massive breaches make news, there is a persistent and rising degree of cybercrime attacking smaller businesses under the radar. All organizations are subject to cyberattacks, but SMBs and SMEs are particularly vulnerable to intrusions, which means a ransomware demand may wipe them out overnight. Small businesses are the entry points to the networks of giant corporations with whom they do business. However, they are unaware that they might be targeted. 


Malicious actors are particularly aggressive in targeting medium and small-scale organizations and individuals who may transmit substantial quantities of money or private data as part of their operations. SMBs and SMEs might suffer severe reputational and financial losses simply because an unpatched vulnerability was taken advantage of by a cyber adversary. They are the targets of adversaries because of several factors, including:


  • Limited Security Budget: SMEs and SMBs usually have individuals handling more than one responsibility instead of dedicated cybersecurity teams like large corporations. The small-scale security budget impacts the organization significantly, leaving opportunities for adversaries to exploit.


  • A Lax Attitude Towards Data Security: Larger organizations have made significant progress in mitigating cyberattacks, but smaller businesses with fewer resources tend to lack emphasis in this crucial area. Some organizations believe that cyber assaults are much more likely to pursue larger enterprises than their own. For instance, this survey reported that only 16% of small business owners think they are at risk for a cyberattack; it indicates how data breaches can progressively target smaller enterprises. In essence, some businesses are confronted with the harsh reality of discovering the hard lesson that their cybersecurity safeguards were inadequate owing to a negligent attitude towards data security.


  • Smaller Enterprises are Goldmines of Data: While SMEs and SMBs may lack the capital backing of larger organizations, they do possess a goldmine of corporate and customer data, such as health records, payment information, social security numbers, bank account credentials, or proprietary trade secrets. Malicious actors can profit by targeting such data for ransomware demands or theft for dark web sales. 


  • No Dedicated Cybersecurity Training: 43% of C-Suite leaders cited human error as the second major cause of data breaches in 2020. SMBs and SMEs fail to keep their staff informed on security concerns and challenges. Consequently, they leave themselves exposed to cybersecurity risks such as ransomware and phishing. Enterprises must educate their employees on the changing threat landscape, such as the threats from opening unsolicited email attachments, deepfakes, and so forth. SMBs put their businesses at risk by lacking cybersecurity training and paying the price.


  • Point of Entry for a Bigger Attack: Small organizations generally provide products and services to larger organizations. Thus, it becomes easier for attackers to exploit a security vulnerability in the information systems of the former and escalate the privilege to barge into the network of their target organization. 


Cyber Security Threats Endangering Security of US Business Organizations

Cyber assaults on US organizations that target many groups at once are among the most effective and common attacks currently making the rounds. The capacity to secure data, the robustness of its cybersecurity posture, and the cyber resilience it possesses influence an enterprise’s worth. It is crucial to adopt a comprehensive cybersecurity framework that identifies and prevents infiltrators before they are able to execute a breach, which can only be done by understanding possible cybersecurity concerns for business organizations. To do so and combat the emerging threats, businesses in the United States must concentrate their efforts and attention on the following cybersecurity concerns.

 

  • Rise of Social Engineering Attacks: Threat actors use psychological techniques on individuals to access confidential information, infiltrate enterprise networks, and deploy malware, among other things. According to Verizon’s 2020 DBIR, social engineering is used in approximately 22% of cyberattacks. A social engineering attack involving the impersonation of her assistant defrauded Barbara Corcoran of Shark Tank for $400,000 in 2020.



  • Insider Threats: Over 69% of reported breaches in the US involved insider threats. An employee who reveals confidential corporate information or exploits corporate vulnerabilities accidentally or knowingly is a malevolent insider. Insider threats are not limited to employees and can involve vendors and partners. Through privileged usage and malicious intent, individuals with access to sensitive data and networks can jeopardize the organization significantly. In 2020, the FBI published a report about General Electric staff members plotting to sell corporate secrets.



  • Cyberwarfare and State-sponsored Attacks: Attacks sponsored by states can cause heavy losses to enterprises. CNBC’s survey revealed that executives consider state-sponsored cyber warfare the most significant threat to their organizations. The increased concern for such attacks is because they occur through government authorities and can cause damage at a large scale, as demonstrated by the SolarWinds attack that led to unwarranted access of several government agencies and thousands of individuals worldwide. 


How US Organizations Can Safeguard Their Valuable Information Assets

Organizations can quickly deploy countermeasures to secure their information assets by focusing on the following aspects in earnest:

 

  • Treating Cybersecurity as a Business Decision: Often, senior management and board of directors tend to think of cybersecurity as a cost to the organization. However, in the changing threat landscape, they must consider cybersecurity as a business decision and not a technology decision. A minor cybersecurity incident can jeopardize their business operations and even threaten the entity’s very existence. It may also tarnish its reputation and cause financial losses and regulatory fines.


  • Employee Awareness, Education, and Training: Security is the responsibility of all employees who have access to corporate systems. All personnel should receive online cybersecurity training to defend themselves and the organization from intrusions. Security training is a never-ending learning process that keeps staff up to date on cybersecurity, IT best practices, and regulatory needs. Organizations should inform employees of the best data security practices through cybersecurity awareness 

  • programs. They apply to systems and tools commonly utilized in the workplace, such as social networks, email communication, and the internet. To fully mobilize your workforce as a force against assaults, all employees should undergo at least a basic cybersecurity training practice to ensure they follow cyber hygiene while accessing the organization’s network.


  • Configuration of Organizational Practices and Systems: There are many protocols and services that organizations can use to employ safeguards against growing cybersecurity threats. Strengthening your network systems using password vaults, VPN-capable firewalls, and malware scanners, applying full encryptions, locking IP addresses, and regularly backing up critical data sets are some of the basic preventive measures to be adopted by any organization having some part of its business operations online. Besides, limiting access and setting permissions using ‘least privilege’ and ‘need to know basis’ principles can help reduce insider threats. Organizations should also consider cyber insurance to cover investigation, losses, and crisis management costs in the event of a cyberattack.


Final Words

Cybercrime is among the most severe threats today to businesses, people, and government organizations. When there are significant cyber risks to US interests, the country’s organizations cannot crumble and must fight back. Organizations are becoming more conscious of the potential hazards caused by third parties as malicious actors become more skilled, and cybersecurity threats continue to escalate. The country must rely on market forces to persuade the private sector to combat this expanding threat in the future. The need of the hour for the private sector, especially SMBs and SMEs, is to undertake long-term, dynamic investments, employee training, and the reinforcement of business processes required to safeguard the country’s diversified organizations and sectors.


References

  1. Network Doctor. 8 reasons SMBs are a top target for cyber attacks

https://www.networkdr.com/insights/8-reasons-smbs-are-a-top-target-for-cyber-attacks 


  1. Gatefy. (2021, June 21). 10 real and famous cases of social engineering attacks

https://gatefy.com/blog/real-and-famous-cases-social-engineering-attacks/ 


  1. PurpleSec. 2021 cyber security statistics: The ultimate list of stats, data & trends

https://purplesec.us/resources/cyber-security-statistics/ 


  1. Verizon Business. 2021 Data Breach Investigations Report

https://www.verizon.com/business/en-gb/resources/reports/dbir/ 


  1. Baer, S. (2021, July 7). Attack the root cause of cyber threats, one employee at a time. Forbes. 

https://www.forbes.com/sites/forbeshumanresourcescouncil/2021/07/07/attack-the-root-cause-of-cyber-threats-one-employee-at-a-time/?sh=ec7605577ae2 


  1. Turton, W. & Mehrotra, K. (2021, June 5). Hackers Breached Colonial Pipeline Using Compromised Password. Bloomberg. 

https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password 


  1. Bocek, K. (2022, January 18). Software supply chains and enterprise IoT will be big attack targets in 2022. Forbes. 

https://www.forbes.com/sites/forbestechcouncil/2022/01/18/software-supply-chains-and-enterprise-iot-will-be-big-attack-targets-in-2022/?sh=10230566961d 


  1. Packetlabs. (2021, August 3). Cybersecurity statistics for 2021.

https://www.packetlabs.net/cybersecurity-statistics-2021/ 


  1. De León, R. (2020, December 17). 50% of US tech execs say state-sponsored cyber warfare their biggest threat: CNBC survey. CNBC. 

https://www.cnbc.com/2020/12/17/50percent-of-tech-execs-say-cyber-warfare-biggest-threat-cnbc-survey.html 


  1. Ciso Mag. (2021, January 13). Deepfakes: A growing cybersecurity concern

https://cisomag.eccouncil.org/deepfakes-a-growing-cybersecurity-concern/ 


  1. Dragilev, D. (2022, January 6). How your employees can prevent and detect cybersecurity threats. Forbes. 

https://www.forbes.com/sites/forbestechcouncil/2022/01/06/how-your-employees-can-prevent-and-detect-cybersecurity-threats/ 


  1. BitSight. Gartner report: The urgency to treat cybersecurity as a business decision

https://www.bitsight.com/resources/the-urgency-to-treat-cybersecurity-as-a-business-decision-ppc 


  1. Mlitz, K. (2021, November 15). Size of the cybersecurity market worldwide from 2021 to 2026. Statista.  

https://www.statista.com/statistics/595182/worldwide-security-as-a-service-market-size/ 


  1. Hijazi, K. (2021, August 26). 5 emerging cybersecurity threats facing the US Yahoo Finance. 

https://finance.yahoo.com/news/cybersecurity-threats-facing-us-122710451.html 


  1. Jibilian, I. (2021, April 15). The US is readying sanctions against Russia over the SolarWinds cyber attack. Here’s a simple explanation of how the massive hack happened and why it’s such a big deal. Business Insider India. 

https://www.businessinsider.in/tech/news/heres-a-simple-explanation-of-how-the-massive-solarwinds-hack-happened-and-why-its-such-a-big-deal/articleshow/79945993.cms 


  1. Tetra Defense. 13 ways to protect against cyber attack in 2021

https://www.tetradefense.com/cyber-risk-management/13-ways-to-protect-your-business-from-a-cyber-attack-in-2021/ 


  1. Marr, B. (2021, December 17). The five biggest cyber security trends in 2022. Forbes. 

https://www.forbes.com/sites/bernardmarr/2021/12/17/the-five-biggest-cyber-security-trends-in-2022/?sh=671a88db4fa3 


  1. KPMG. Oracle and KPMG cloud threat report 2020: Addressing security configurations amidst a state of constant change.  

https://assets.kpmg/content/dam/kpmg/bh/pdf/2020/06/oracle-cloud-threat-report-2020.pdf 


  1. Greig, J. (2022, January 15). White House confirms person behind Colonial Pipeline ransomware attack nabbed during Russian REvil raid. ZDNet. 

https://www.zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/ 


  1. Robinson, P. (2022, January 10). Employee negligence is biggest cyber security threat to US companies. Lepide. 

https://www.lepide.com/blog/employee-negligence-is-biggest-cyber-security-threat-to-us-companies/ 


  1. Segal, E. (2022, January 5). The 10 biggest risks and threats for businesses in 2022. Forbes. 

https://www.forbes.com/sites/edwardsegal/2022/01/05/the-10-biggest-risks-and-threats-for-businesses-in-2022/?sh=453a4225366c


  1. Federal Bureau of Investigation. (2020, July 29). Trade secret theft: Investigation Into Theft of Intellectual Property from GE Leads to Two Guilty Pleas

https://www.fbi.gov/news/stories/two-guilty-in-theft-of-trade-secrets-from-ge-072920

Comments

Post a Comment

Popular posts from this blog

In Progress: What We’re Working On

Image
  This post serves as a living list of articles and resources currently in development for my blog. Check back soon for updates as we finalize, polish, and publish new content. 🛠️ Upcoming Posts & Documents Do iPhones or Android Phones Need Antivirus? –  Editing in progress What’s the Best Antivirus Program for Your Computer? – Editing in progress Have a topic you'd like us to cover? Let us know !
Read more

How to Use Shared Albums (iPhone and Android – Native Options)

Image
Shared albums are perfect for trips, family events, birthdays, and kids’ activities—everyone adds their photos into one shared space. iPhone (Apple Photos + iCloud Shared Albums) This is Apple’s built-in shared album feature. Before you start (one-time check): Go to Settings → tap your name → iCloud Tap Photos Turn on iCloud Photos Turn on Shared Albums Create and share a Shared Album: Open Photos Tap Albums → tap + (top left) → New Shared Album Name the album (example: “Christmas 2026”) Invite people (phone number or email tied to their Apple ID) Tap Create Add photos/videos, then tap Done Let others add photos too: Open the shared album Tap the people icon (or … → Shared Album Details ) Turn on Subscribers Can Post Tip: Everyone you invite needs an Apple ID to fully participate. Android (Google Photos – built in on most Android phones) On Android, the “native” photos app experience is typically Google Photos , and it’s the s...
Read more

What To Do If You Suspect You've Been Spoofed or Hacked on Facebook

Image
  What To Do If You Suspect You've Been Spoofed or Hacked on Facebook In today's digital world, social media accounts like Facebook are prime targets for hackers and scammers. If you suspect your Facebook account has been spoofed (impersonated) or hacked (compromised), acting quickly is essential to protect your data, your identity, and your professional reputation. 1. Recognize the Signs Spoofing : Someone creates a fake profile using your name, photos, or other information to impersonate you. Hacking : Someone gains unauthorized access to your real Facebook account and may change your password, post on your behalf, or message your contacts. 2. Take Immediate Action If Your Account Is Hacked Go to Facebook’s Help Page : Visit facebook.com/hacked to start the recovery process. Change Your Password : If you're still able to log in, change your password immediately. Check Recent Activity : Review login history and remove suspicious devices under Settings...
Read more