Trick or Treat: Avoiding the Horrors of Hackers During Cybersecurity Awareness Month

It seems fitting that both Halloween and Cybersecurity Awareness Month are held in October. Halloween horror movies and cybersecurity have become synonymous with tales of spine-tingling terror and a sense of overwhelming dread. How can Frankenstein, Freddy Krueger, and their fiendish friends possibly have anything in common with firewalls and phishing, you may ask? Before you read on for the answer to that question, be sure to lock your doors and turn the lights on, as this article is about to get downright terrifying.

• At some point in every Halloween horror movie, the villainous monster is believed to be dead, only to suddenly attack when their horrified victims least expect it. In the world of cybersecurity, cyber criminals adopt a similar tactic, quietly biding their time after they gain access to your system, as they wait for the optimal moment to strike. According to the 2021 Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analyzed by IBM Security, the average time to detect and contain a data breach if 287 days (212 days until detection and another 75 days to contain the breach).
• In countless cinematic chillers, the victims are ill prepared to defeat the creature that is chasing them, and often find themselves without weapons or cell phone coverage to call for help. The cybersecurity equivalent of this lack of preparedness is not having developed an incident response plan that has been tested on a regular basis. By not being ready and equipped to respond to an incident, the costs and time to restore operations are significantly greater. According to the IBM/Ponemon Report, the cost of responding to a breach was almost 45% less expensive when an incident response plan had been put in place.
• One of the most unsettling elements of horror movies featuring zombies is the unending waves of undead that terrorize the living. Data breaches and cyberattacks have begun to take on a similar unsettling trend, as it is difficult to check your newsfeed without reading about another catastrophic incident caused by a ruthless and faceless hacker. In 2021 alone, major companies have been attacked, including Facebook, SolarWinds, GEICO, Scripps Health, and Microsoft, just to name a few of the victims. The trajectory towards more frequent and expensive attacks is not likely to change anytime soon, so it is incumbent upon every business to fortify their defenses to mitigate the risk of becoming the next casualty.
• Every classic monster movie has spawned a sequel where the creature returns and is exponentially more deadly. The same can be said for cyber threats, as the attacks used by hackers continues to grow more sophisticated and lethal with each passing day. The damage associated with attacks in the not-too-distant past would typically consist of a few thousand dollars and several hours of downtime to run antivirus scans. Today’s attacks, however, are capable of inflicting millions of dollars of damage via compromised hardware and software, loss of productivity, ransom payments, and reputational damage.

While horror movie villains hack their prey using a variety of deadly weapons, cybercriminals hack their victims by taking advantage of businesses that don’t place a premium on the importance of cybersecurity awareness. If an organization has not armed their employees with the necessary training and knowledge needed to detect and avoid cyberattacks, chances are that, this Halloween, they may be receiving some terrifying (and expensive) tricks and very few treats.

For more information on how you can provide cybersecurity awareness to your team and significantly reduce the chance of your business becoming the next victim of a cyber criminal, contact Kevin Ricci at kricci@citrincooperman.com or Michael Camacho at mcamacho@citrincooperman.com.