With the advent of AI, there is an exponential increase in the volume and sophistication of cyber attacks. According to recent statistics, cyber crime is now a $10,000,000,000 (ten trillion) industry. It makes sense when you consider that it’s inexpensive to do and it can be executed from anywhere in the world, particularly from countries that don’t prosecute cyber criminals. After all, it brings wealth to their nations.  So it’s a relatively low risk venture. 

A search of the web will give you lots of statistics. Here are a few from Crowdstrike. 

• Not surprisingly, North America has the majority of intrusions at 53%
• The break out time for intrusion fell from 62 minutes to 48 minutes with the fastest being 51 seconds, showing how important speed of detection has become
• Voice Phishing (Vishing) attacks increased 442%
• Initial Access attacks, with data being sold to advertisers, increased 50% year over year

Additional information from the Kaseya Connect conference pointed out that with AI and quantum computing, password hacking becomes much more successful. In one panel discussion of 4 Chief Information Security Officers (CISO) who have been in the industry for over 30 years each, the consensus was that the most vulnerable attack vector is the user or employee. Bad password management, lack of knowledge to recognize attacks, and bad file management were by far the biggest opportunity for attack.

Secondarily, not having a good detection and response strategy and a lack of effective backups multiplied the impact of being hacked and often made the difference between failure of the business or a recoverable event. 

One of the very sobering realities is that the hackers are highly motivated and very engaged in working together to improve their process and tools. The tools are readily available on the dark web and regular web and the cost of using them is very low. 

The industry is working diligently to find better solutions, but even VPNs, 2FA (2 factor authentication) and other strategies are not 100% protection. That’s why it’s imperative that you go beyond prevention to ensure that you have an excellent recovery strategy. 

It is recommended that your accounting department is checking credit card and banking activity every day to identify data that may have been compromised or exfiltrated from vendors. 

If you follow this in the news, it’s clear that hacking of major companies, government agencies, hospitals and other big businesses with massive IT and cyber protections budgets are getting hacked on a regular basis. Small businesses like real-estate, attorneys and others are not becoming targets as well. 

The important thing to remember is this: If you have data that has social security numbers, dates of birth or credit card information, you have a target on your back. Taking the most aggressive stance on protecting your data, systems and customer information must be a top priority if you want to survive the overwhelming level of activity that is targeting you and your business.