Why Is Everyone Talking About Cybercrime?

Cybercrime is not just a concern for large technology companies anymore. It has become so profitable for the perpetrators that even individuals and small businesses have become the targets. In 2020, 43% of breaches were suffered by small businesses. The direct impact can be devastating. Unfortunately, it can also be accompanied by major fines and penalties. Even a minor breach with no direct financial impact can have significant reputational damage and be difficult for businesses to regain lost trust from their customers. Forty-four percent of breaches included personally identifiable information with breaches studied containing between 2,000 and 101,000 records. IBM security calculated the average cost to be $161 per record¹.

In 2021 the average cost to remediate a ransomware attack was $1.85 million². 

What are some of the biggest vulnerabilities?

Sometimes we don’t like to admit it, but a huge vulnerability is people; our staff, the people we work with side by side. For example, now that we need a passcode for everything, it has become convenient to use the same one across various sites. As a result, this can lead to credentials being compromised much more easily. Another example is that hackers are becoming much more sophisticated for producing convincing, yet malicious emails (phishing/spear phishing). As well, fake websites for unsuspecting staff to click on, are much harder to distinguish in this day and age. Recent research from Proofpoint revealed that 75% of organizations around the world experienced a phishing attack in 2020, and 74% of attacks targeting US businesses were successful⁴.

Another consideration to be aware of is bots, as they are commonly used by threat actors. They can automatically scour the internet for sites and servers that have known, unpatched vulnerabilities in their operating systems. Thankfully, these vulnerabilities are widely known and such attacks can easily be prevented by keeping your software updated to the latest version.

What should rental companies do to protect themselves against cybercrime?

While the topic is unique to every organization, some good baselines to follow are:

• Train your staff on how to keep themselves and your business secure. Untrained staff can be more damaging than unpatched applications.
• Partner with vendors that will assist you in protecting your security. Cyber-security is a profession in itself and internal IT teams may not have the expertise to keep your business secure on their own.
• Verify your internal and/or external IT teams are well versed in cybersecurity. 
• Ensure multi-factor authentication is enabled on any application that supports it. 
• Make sure all of your software is kept up to date with a robust patching policy. 
• Enforce the use of a password manager for your staff so all sites and applications have unique, complex passwords.  

Finally, backup everything. As online collaboration/email software is becoming more common, don't get caught in the mindset that “it’s on the cloud, it's safe”. Ensure you have those services backed up.

Who should be responsible for cybersecurity in your company?

Cybersecurity is everybody's responsibility. While larger companies will need to nominate a responsible person, the best practice is to have every person responsible for anything they interact with. Build an environment where all team members share any cybersecurity news/software vulnerabilities they come across. If there is a knowledge gap, especially when it comes to smaller, family-owned rental companies, make sure you partner with an IT service provider with cybersecurity expertise. Larger companies should consider partnering with a dedicated Security Incident and Event Monitoring (SIEM) service and/or a Security Operations Centre (SOC).

Sources:

1. IBM Security “Cost of a Data Breach Report 2021”
2. Sophos “The State of Ransomware 2021”
3. Sophos “2021 Threat Report” 
4. Proofpoint “2021 State of the Phish Report”