If you’ve been keeping an eye on our blog, you might have noticed a piece we published earlier in July on a report released by U.S. telco Verizon. It was a dense report, but we tried to put together a list of takeaways to give you a taste of the most important parts and of where the issue is heading, and sadly, for small businesses, it’s not looking good.
As I mentioned early in the piece, “small businesses are the major prize for cybercriminals, accounting for nearly half of the recorded breaches.” The report specified that “no organisation is too large or too small to fall victim to a data breach,” and it’s important to keep in mind just how damaging a wide-scale compromise of your systems would be, particularly if you’re a relatively new organisation on the block.
Amongst the takeaways from the report, we mentioned specifically that “of all recorded breaches in the report, small businesses were by far the biggest target for cyber criminals, accounting for 43% of all recorded breaches. The public sector took second place with 16%, healthcare with 15% and financial services accounting for 10% of breaches.”
This is an extremely scary statistic, and one that I hope would make you take cyber security extremely seriously, particularly in the early stages of establishing an organisation. Cyber criminals are smart and sophisticated, and they don’t discriminate in who they attack; small businesses are a prime target for a reason.
So then, why are they targeting small organisations?
Well, to put it simply: it’s easier. It’s far easier for a hacker to gain access to a start-up or small business’ network and look for ways of profiting shortly after. Early on in the process of establishing an organisation, cyber security is more often than not a mere afterthought; there are too many things to consider on the logistical side of establishing the organisation. It’s understandable, yes, but it’s also regrettable that cyber criminals have recognised this and have doubled down on their attacks on small businesses. The problem is compounded by the fact that this is also the most precarious time of your organisation’s existence: a time where you might just be making ends meet, or in some form of manageable debt. Medium to large organisations will usually have a pool of cash that they can use as a contingency.
‘You’ve got other priorities; hackers both know this and exploit it’
Once you move from the classification of a small to a medium-sized or large-sized organisation, you’re often legally required to increase the integrity of your information systems. Networks become more robust, staff receive more training and there is usually a dedicated team of dozens of IT specialists employed to keep this under control and to constantly look for gaps that could potentially be exploited.
They’re also less susceptible to phishing attempts that aim to gather personal information or implant malware in a network, because they have better spam filters on their email domains.
In the context of data breaches, you also need to consider the massive hit to your organisation’s reputation and the subsequent loss of trust from your customers, which can often prove irreversible, particularly if you’re a relatively new small business. It can take years, if not decades, to build up your organisation’s reputation, and mere seconds for it to completely evaporate in the wake of a cyber attack.
If you click over onto our previous piece on the cyber report here, you’ll see at the bottom of the page a Best Practices to Prevent Breaches section in which we mention a few simple ways for your organisation to stay protected online. However, ISO 27001 Information Security Management remains one of the best ways for your organisation to weather the technological storm you face.
It’s a quality management system that is applicable to organisations big and small, regardless of your industry. One of the most impactful ways a quality management system like ISO 27001 can add to the integrity of your organisation’s information security processes is that it’s rooted in the belief that there’s no such thing as perfect security online, and that you’ll therefore need to constantly adapt to new challenges in the technological ecosystem. Hackers are quick to exploit complacency and laziness shown by organisations, and as you can see from the stats, they’re particularly interested in targeting small organisations.
Don’t wait until it’s too late!