Between 2018 and 2020, the City of Baltimore was hit three times by cyberattacks from different threat actors.
In March 2018, hackers targeted the police department’s 911 and 311 numbers, resulting in outages for 17 hours as responders resorted to manual methods.
The city took another hit about a year later, when ransomware variant RobbinHood infected its computers demanding three Bitcoins per system to unlock them, or 13—valued at more than $100,000—for access to them all. The city refused to pay, but spent more than 100 times that in the end: $1.3 million in emergency funds and $10 million in recovery efforts—not to mention the capital lost during months of shutdowns.
Already under scrutiny for how the city handled these attacks, it was hit a third time in November 2020—closing Baltimore County Public Schools for several days. Although they eventually reopened, thousands of retired employees are still dealing with the consequences—unable to change medical insurance payments, cease those to deceased spouses, or are owed thousands of dollars in benefits, reads a Washington Post article.
Unfortunately, Baltimore’s experience is not unique. Far too often does another attack follow a previous one when the victim is vulnerable.
The problem is also getting worse, according to respondents of a 2022 global study by security management firm Cymulate, reported on in CPO Magazine. Two-thirds (67%) of businesses suffered subsequent cyberattacks within a year after their first—with 10% experiencing 10 or more incidents during that period!
“If you've been bitten,” explains Cybersafe Solutions Chief Operating Officer Keith Strassberg, CISSP, “how are you truly sure that you've exterminated the threat? Unless you drastically change your cybersecurity program, the next group is going to come along and make you a victim again.”
The almost inevitable risk of repeat attacks underscores the need to transform cybersecurity defenses and mindsets after a breach—not only implementing robust managed detection, containment, and response, but shifting company culture into one of avid proactivity.
Damages of a Cyberattack
Financial Losses
Perhaps the most glaring impact of cyberattacks is the hefty financial costs—especially in cases of ransomware, where threat actors encrypt files and hold them for ransom for a substantial price.
With the average cost of a U.S. data breach at $8.64 million, according to the 2021 IBM Security “Cost of a Data Breach Report,” it’s no wonder 60% of small businesses fold after falling victim to an attack in the first place.
Lost Productivity
The costs of a cyberattack are also measured in the hours of sacrificed productivity—whether locked outside computers, forced to revert to time-consuming manual processes, or answering questions from legal teams regarding the compromised data.
Cyberattacks are altogether disruptive to nearly every aspect of business operations—making it that much more important to not only recover swiftly, but proactively prevent them in the first place.
Reputational Damage
Despite it being years since the 2020 cyberattack on Baltimore County Public Schools, retirees still feel a “lack of trust,” and that it’s “difficult for them to believe in the school system in any way at this point,” emailed Angela Leitzer, chairperson for the Teachers Association of Baltimore County’s division for retirees, to the Post.
This fallout is all too common after cyberattacks. While businesses might be able to eventually recover financially or resume business operations, customer trust, once breached, is not always so reparable.
“What is the most expensive part of a ransomware attack, right?” asks Strassberg. “Is it truly the ransom, or is it the costs, time, energy, people impact of rebuilding and remediating an environment? I would say most organizations grossly underestimate the costs of that disruption.”
Continuous Monitoring: Managed Detection & Response
If a company recovers from a cyberattack, the first order of business should be to partner with skilled, certified specialists for 24/7/365, continuous monitoring services.
However, what do these terms look like in practice?
“Continuous monitoring” is an abridged term for SOC-as-a-Service (SOCaaS), providing managed detection, response, and mitigation 24 hours a day, seven days a week, 365 days a year.
This 360-degree visibility into endpoints, networks, and cloud environments evaluates present and potential threats that, if left unchecked, could render your systems vulnerable to attack. SOCaaS partners bring the proper expertise to operate those tools.
The goal of SOCaaS is complete vigilance into your security posture at all times, empowering you to proactively curb hackers before they have a chance to infiltrate and disrupt your systems.
“Having the ability to understand when you are breached before it becomes a full-scale ransomware deployment will save the business untold time, energy and expenses,” Strassberg explains. “A threat actor demonstrated to you that your defenses were inadequate.”
“What changed that they're not going to get you again?” he continues. “If you were a successful victim, you raise your profile of being a victim.”
Response to a Cyberattack
Managed Detection, Containment & Response
Managed detection and response helps organizations identify threats and abnormalities in a real-time fashion before an attacker can disrupt organizations.
Rather than hiring new, full-time employees or training existing IT departments to monitor for cyber threats, outsourcing to trained professionals actually saves your organization time and money—20 or 30 cents on the dollar, to be exact, Strassberg finds.
“A security operation center, because it's dedicated to this, will be far more capable and in touch with the actual threats to a given organization,” he explains.
Cybersafe Solutions Channel Manager Randy Schumaker echoes this.
“If the small businesses usually go out of business when they get hit,” Schumaker says, “then maybe $700 per month, $1,000 per month isn’t that much of an investment if you want to stay in business.”
Security Awareness Training
To effectively recover from a cyber event and proactively mitigate future threats, companies should implement thorough security awareness training.
By having industry experts reinforce best practices such as identifying phishing emails, password health, and even more advanced hacking techniques such as multi-factor authentication (MFA) fatigue, organizations train employees to be the first line of defense.
“Humans are a large part of the corporate security equation,” stresses Strassberg. “They're part and parcel to avoiding compromise.”
Mindset Shift
To foster long-term cybersecurity, employees must prioritize cyber safety and make it a part of company culture.
“Cybersecurity is a business issue,” says Cybersafe Solutions Vice President of Sales Mark Petersen. “It’s not an IT issue.”
This includes, as outlined above, enlisting the expertise of a continuous monitoring provider and having frequent security awareness training to stay familiar with best practices for online safety—altogether, making cybersecurity part of your daily routine and culture.
“It takes a village, and it takes a lot of your own expertise, time, energy, and vigilance,” says Strassberg. “And then, as soon as you think you're there, stop and improve. It's a constant process.”
Creating a Culture of Cyber Proactivity
Taking the first steps toward building a culture of cyber safety can feel daunting, but partnering with an industry-leading SOCaaS for security awareness training and robust continuous monitoring can be a steady hand for lasting proactivity.
With 20 years of experience in the online threat landscape, Cybersafe Solutions’ team of certified specialists leverages the latest technology and to-the-minute intelligence to help your business fortify a culture of cybersecurity.
From thorough security awareness training to robust continuous monitoring, Cybersafe’s team of experts empowers you with best practices, full visibility, and daily vigilance over threats in your network for proactive mitigation, 24/7/365.
Cybersafe Solutions is a state-of-the-art managed security provider, specializing in managed detection, response, and containment. Offering 24/7/365 SOCaaS, our team of experts can seamlessly detect when a threat has penetrated the network, contain it, and eradicate it. To strengthen your culture of cybersecurity with industry-leading continuous monitoring, security awareness training, and more, contact us today.
