Page 80 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

health systems, financial companies, and manufacturing, including construction, supply chains, distribution, and sales.

The impact of these attacks can take any number of forms, including: malware, including but not limited to ransomware (which disables the ability to access IT systems until a ransom is paid); business interruption (income lost because of the inability to access systems); data restoration (reconstructing “lost” company and customer data); social engineering/phishing (loss of money based on the impersonation of a colleague, client or vendor); regulatory fines and penalties; liability to third parties if their information is compromised; and reputational harm. Estimates of losses from these events run from $20 billion in ransomware costs alone for 2021 up to $10.5 trillion (or $20 million per minute) expected to be lost/spent by 2025 to respond to, address and fight these attacks globally.

According to the Cybersecurity and Infrastructure Agency (CISA), the FBI and the NSA, the ongoing success of these ransomware attacks has only further encouraged cyberthieves around the globe and should put businesses of every size on high alert throughout 2022.

Specifically, CISA has advised that ransomware attackers are focusing their attention on critical infrastructure industries throughout the US, including:

• Emergency water services
• Energy sector
• Communications
• Financial services
• Healthcare sector

Despite these grim predictions, it is imperative to remember that there are myriad tools available to protect businesses against and mitigate the impact of cyber-related events.



Internal Security Protocols / Controls

Cybersecurity experts have identified many of the key vulnerabilities that criminals exploit to enter computer systems, and how to fix them, including:

• Multi-factor authentication tools to safely access internal computer systems
• Robust desktop security protocols, including virtual private networks, data encryption, complex passwords, firewalls, and restricted access to admin rights
• Active management of systems and configurations
• A continuous hunt for network intrusions and third-party exposure threats
• Update and upgrade software immediately
• Develop and exercise a system recovery plan, including regular testing of backups for data integrity and restorability, and preparing and annually testing an incident response/business continuity plan








