We often talk about investments paying dividends in business, be it an investment in your staff, new procedures, or your distribution or manufacturing methods, but there’s an even more important conversation that often gets left on the table: staying safe in the digital world. From personal experience, I’ve seen cyberattacks cripple organisations, and completely envelop others. For those leaders, cybersecurity just wasn’t a key priority as they were building the business. While I can empathise with this sentiment, it’s difficult to sympathise with it, considering the ravenous appetite of hackers, which has been widely documented in recent years. Some people just don’t believe it, or don’t want to believe it and make the subsequent investment in their information security policies.
Let’s have a look at the problem.
According to research published in the past few years, nearly half of the recorded cyberattacks targeted small and medium-sized organisations. “Even though hackers have breached more than half of the 28 million small businesses in the United States, most small business owners are still not making cybersecurity a priority,” and this is exactly where our problem resides. While it’s easy to feel as though your organisation is too small to be targeted by cybercriminals, hackers aren’t incentivised in the way you might think.
The general sentiment among business owners is that large, lucrative organisations are more likely to be targeted than their humble operation. The reality, however, is that small businesses are often the most fruitful for a cybercriminal. The same applies in the context of ransomware, where a hacker can take control of an organisation’s system and prevent access to vital information until a ransom is paid. It’s reported that 58% of small business owners believe that ransomware is a serious financial threat, but only half of the respondents said that preventing it is a priority for the organisation. An SEC report states that “cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses… the reason is simple: small and midsize businesses are not just targets of cybercrime; they are its principal target.”
What’s scarier is that Manta Trends is reporting that nearly 90 per cent of small business owners don’t believe that they are at risk of a cyberattack, and one in three small businesses don’t even have basic tools - firewalls, spam filters, antivirus software and data encryption programs - to protect themselves. I think it’s fair at this point to draw a correlation between a lack of robust security policies and an easy payday for the hackers, and this is why we’re seeing cybercriminals gravitate toward the exploitation of small and medium-sized organisations for their nefarious activity. While a hacker might find a significantly higher payday from hacking a large organisation or financial institution, they’ll also have to invest a lot of their time to find a way into the system. Small businesses, on the other hand, require a relatively low investment in comparison, and a hacker can exploit multiple small businesses in a relatively small timeframe.
The minute an organisation is relaxed about its security, a hacker will happily take advantage of this position, and sadly, this is a sentiment widely shared by a number of business founders. Organisations with fewer than 250 employees account for nearly half the cyberattacks, which averages out to around 4,000 each and every day.
This is particularly bad news for small businesses, especially when we consider how much hard work and time it takes to build up a reputation, and how quickly that disappears in the wake of a cyber breach that violates the privacy agreement you made with customers when taking their personally identifiable information. The US Securities and Exchange Commission estimates that half of small businesses that are hit by a cyber breach are forced to close within six months of the breach. In addition to this, before they are forced to close, there are often millions of dollars in damages to pay; a Ponemon report puts the price tag at $1.2 million.
It’s a cliche to end on, but sometimes you’re left with little choice. Don’t wait, do not be complacent, and don’t underestimate the risks involved in operating in an increasingly dangerous digital landscape. For a relatively low investment, you can lessen the chance your organisation’s people and procedures are crippled by a cyber breach, and it’s likely to become the best investment you’ve ever made.