“Certain kinds of cybercrime that were considered avant garde or cutting edge in 2004 or 2005 are now daily occurrences.”
That’s the verdict of Grobstein Teeple’s Global Head of Cybersecurity and Risk Management, Erik Rasmussen, who believes one of the biggest changes over the past 20 years is simply the fact that cybercrime is now so prevalent.
Next month marks the 20th anniversary of Cybersecurity Awareness Month—a joint initiative between the National Cybersecurity Alliance and the U.S. Department of Homeland Security first launched in October 2004.
Some of the advice offered by the earliest incarnations of Cybersecurity Awareness Month—such as updating software two or three times a year, similar to how the average car owner must get an oil change or tune up—now seems comically outdated.
Preventative maintenance is important, but to combat today’s cyber threats, computer owners must be more proactive about updates. Think of it as if the check engine light comes on every time a threat is found, thus making a trip to the mechanic costly and exhausting.
With the Federal Bureau of Investigation receiving more than 800,000 cybercrime-related complaints in 2022 [1], it’s clear eternal online vigilance is now a daily necessity.
“Cybercrime is basically so ubiquitous now that the skill level to commit a cybercriminal act is actually very low,” Rasmussen explained.
“But at the same time, in those higher echelons where nation-states operate, cybercriminals are still as elusive and destructive as ever.
“So you’ve expanded your areas of concern, because more people are capable of committing all kinds of cybercriminal attacks than ever before.”
“There’s a lot more to worry about because it’s easier than ever for your data to get destroyed or compromised,” Rasmussen added. “So start having those conversations around cybersecurity.”
The 2022 Cybersecurity report found that despite years of awareness campaigns, more than two-thirds of all respondents claimed they still lacked access to cybersecurity knowledge. [2]
More than a third of those respondents had fallen victim to a cybercrime—typically phishing scams—with many of those relying on friends and family to help them with their cybersecurity.
“When it comes to staying safe online,” said Grobstein Teeple’s Head of e-discovery and Forensic Technology Solutions, Michael Garlie, “security is one end of the spectrum and convenience tends to be on the other.
“So I think having some fundamental cybersecurity knowledge, along with the quarterly training that is occurring more and more in many organizations, is extremely useful in identifying those phishing scams from text messages or emails that many people still struggle to recognize.”
For Cybersecurity Awareness Month in 2023, campaign organizers have listed four key behaviors they suggest can help ward off malicious intent.
However, while Rasmussen and Garlie agree somewhat with Cybersecurity Awareness Month’s central premise—namely that “it’s easy to stay safe online”—both say smartphone technology complicates matters.
“When we say ‘online,’ we really just mean connected to the internet, which is essentially 24 hours a day as long as your phone is on and it has a WiFi or cell-service connection,” Rasmussen said.
“I’m not sure it’s that easy to stay safe online, just given the ubiquity of digital technology.”
Want to know why it pays to protect yourself online? Americans lost more than $10 billion to cybercriminal acts in 2022 alone.
That figure is expected to rise to almost $14 billion within the next five years—with the United States almost always the most heavily targeted country for cyber attacks every year.
Given it costs the average small business around $3 million to remedy the damage caused by cybercrime, it’s little wonder one survey found “that around 60 percent of small companies go out of business within six months of falling victim to a data breach or cyber attack.” [3]
Despite the daily threat and ballooning costs of cybercrime, Rasmussen says the prevalence of smartphones and the fact that most Americans have been active online for many years can lead to a sense of complacency.
“Next to multifactor authentication, I would say simply educating people is the most cost-effective thing you can do to make people aware of the damage cybercrime can create,” Rasmussen said.
“I wish Cybersecurity Awareness Month was every month… but it’s about awareness and education,” he added.
“And I would say, if you have no budget, there’s so much open-source stuff out there, it’s easy just to pull down PDFs and helpful information and simply share that with your stakeholders.”
In an age where the line between work and home life is often blurred, it’s not always easy for employees to stay secure online across multiple devices and accounts.
With tech providers encouraging users to sync accounts on a regular basis, employees who may be hyper-vigilant with the cybersecurity of their work accounts can be less so when it comes to logging onto work accounts from a personal device.
“You can’t eliminate the risk entirely, so your job is to reduce the risk however much you can,” Rasmussen explained.
“And while you can’t get the risk to zero, you don’t want it to be one hundred percent either.
“So you do all those little things we’ve just talked about to make it much harder for cybercriminals to breach your security.”
The costs for those who have suffered a cyber breach aren’t merely reputational.
In a state with strict privacy laws like the California Consumer Privacy Act (CCPA), or under the European Union’s General Data Protection Regulation (GDPR)—which generally applies to any business that holds the personal data of EU residents—a breach can literally cost your business millions of dollars in fines.
“If a business loses four million records and it’s paying $100 or even $1,000 per record that was compromised, that amounts to tens of millions of dollars in fines they are legally obliged to pay,” Rasmussen said.
“Let alone all the reputational damage and legal fees and consulting costs,” he added.
While prevention is invariably better than cure when it comes to staying safe online, chances are that if your business has come under attack, you’re already familiar with the cybersecurity solutions offered by Grobstein Teeple.
Not only do we provide a comprehensive range of digital forensics and incident response solutions—including forensic data acquisition across almost any type of device, root cause analysis, and the preservation of digital evidence—we also provide a range of risk management, penetration testing, and insider threat security assessments.
In short, we possess the in-house expertise needed to keep you and your business secure online—and respond to any crisis as it happens.
“One of the first things that we do when we get called in is to preserve all of the data on all of the devices that have been affected and then all the other ones as well, because we want that snapshot in time,” Garlie explained.
“We’re not going out and finding the bad guy—because that’s not our job and it’s unlikely we’re going to find them anyway.
“But there’s probably an expectation that there are going to be some lawsuits coming down the way, so you want to figure out where that liability exists to protect yourself—either defensively, or if the liability exists elsewhere, to use it as a plaintiff in a lawsuit.”
One area in which companies can bolster their cybersecurity defenses is by obtaining Payment Card Industry Forensic Investigator (PCI PFI) certification.
Grobstein Teeple recently helped UHY Consulting obtain PCI PFI certification.
“The PFI certification and its rigorous application process demonstrate the value the Council places on protecting the payments ecosystem and ensuring only qualified forensics investigators join this community,” said our own Erik Rasmussen.
“In successfully completing the application process, UHY Consulting has demonstrated its vast knowledge of the payments and cybersecurity fields, and sophisticated operational skills – resulting in the achievement of this incredibly selective accreditation.”
To hear more of Erik’s thoughts on cybersecurity, click here to listen to the Future of Cyber Risk podcast.
And if you need help with any aspect of your cybersecurity, simply get in touch to book a call.