In an era marked by digital transformation and global business migration to the World Wide Web, cyber theft is considered the fastest-growing form of criminal activity. To quantify: according to Accenture, cybercrime is set to cost business organizations a staggering $5.2 trillion globally within the next five years.
According to Verizon, 43% of online attacks take aim at small businesses. Why? There are a few reasons. First, small businesses are often targeted because they simply do not have adequate security measures in place. In fact, Ponemon research suggests only 14% of small businesses are prepared to defend themselves, so cyber criminals can evade detection. Additionally, by targeting multiple small businesses, versus one large organization, cyber criminals improve their odds and financial rewards.
With these statistics in mind, small business owners need to start making cyber security a top priority in order to protect themselves.
Modern IT infrastructures have become more complex than ever before. The amount of virtual ground that must be secured has grown substantially. From desktop workstations to mobile device interactions, hackers have the ability to launch thousands of digital attacks to compromise any organization’s business operations, and only one attack is required to cause serious business interruption.
Inevitability: Ignorance is Not Bliss
As a direct result of the increase in attack vectors, it is all but guaranteed that almost every modern organization’s IT infrastructure will be breached unless adequate security measures are in place from the get-go. This being the case, small business owners should not be considering if a security threat will arise, but rather when.
For small businesses, the story becomes even more alarming: cyber attacks cost small businesses an average of $200,000, according to insurer Hiscox, with 60% going out of business within six months of the attack. If severity alone were not enough, more than half of small businesses have suffered an attack in the last 12 months, and 40% have experienced multiple incidents in the same time frame.
Still, in spite of these statistics, Keeper Security’s 2019 SMB Cyberthreat study reveals that two out of three senior decision makers at small businesses still believe they are unlikely targets for cybercrime. In a similar vein, 60% of small businesses have absolutely no cybersecurity plans in place.
Attacks are more complex and are occurring both faster and more frequently. What’s worse, given that cyber-attacks tend to go undetected by IT operators for an average of 101 days, the damage a small business can endure can quickly add up. Additional expenses, including regulatory breach reporting fees, attorney fees, forensic investigation and severe loss of revenue and brand value, drive the costs associated with a cyber-attack even higher.
Small Business Cybersecurity Recommendations
As discussed in previous Packetlabs blogs, human error remains the greatest threat to organizations of all sizes. With Chubb reporting that 30% of employees receive annual cyber security training, it is not a difficult task for cyber attackers to trick employees into “leaving the back door open” for an attack.
Packetlabs suggests that small business cybersecurity practices include a variety of strategies to combat cyber threats, including, but not limited to:
- Enforce daily backups and duplicates of data that can be retrieved in the event of a ransomware attack.
- Install anti-virus software, network firewalls and encryption tools to scan for viruses, guard against network attacks and keep sensitive company information safe.
- Prohibit the use of removable media at work (USB drives, for example).
- Limit employee access to only the files, folders and applications that are required for their daily tasks.
- Provide regular, up-to-date training for employees on at least a quarterly basis.
- Use multifactor authentication (MFA) before authorizing any major, irregular or time-sensitive requests.
- Conduct regular penetration testing on all computer networks and applications to identify and remediate known vulnerabilities.
- Consider objective-based penetration testing to simulate real-world attack scenarios to test the effectiveness of security from all attack vectors, including physical and social.
Because threats may come from both internal and external sources, and because of the growing level of sensitive data, including company secrets and customer data, that a business must protect, the best cyber defence for any business must be multi-faceted.