Cybercrime isn’t just in the news, it’s a topic of conversation. Chances are that you know someone who has either been the victim of a cyberattack, or whose employer has had a hacking incident. More and more small and medium sized businesses (SMB) are being targeted by cybercriminals. In fact, up to 41% of all attacks are directed at SMBs, according to a Symantec sponsored study.(1) Criminals are even narrowing their target on small businesses. Companies that have 11 – 100 employees are 15 times more likely to experience a serious breach, according to a Verizon study.(2) Consider three reasons why IT security is an increasing concern for businesses.
1. Companies Think "It won't happen to us"
It’s common for SMBs to think that they are too small to be targeted by cyber security threats so they have not made IT security a priority nor taken the time to understand their exposure to risk. Because of their “it won’t happen to us” mentality, having a firewall and anti-virus program in place gives them a false sense of security. These are important layers of protection, but may not stretch out to all of the devices connected to their network, nor all of the cloud services that employees utilize. Additionally, with the rise of social engineering as a way to sidestep technical barriers and get an employee to unknowingly admit entry to the company network, it’s like circling the castle with a moat but leaving the drawbridge down.
2. Businesses Don’t Realize the Value of Their Information or Connections
Some information that businesses routinely gather and store is recognized for its value – financial records, bank account information, and employee files – and steps are taken to limit access internally and externally. Businesses also recognize the value of their customer lists and transactional histories but may not connect it with the possibility of a total business shut down if it were stolen or kidnapped. An inventory of information assets could reveal intellectual property in the form of designs, marketing plans, and operational processes that are important components of the company’s competitive advantage. Similar information assets that belong to clients could also live in company networks, and very large data breaches have occurred because the network of a company in the supply chain was exploited. (Do you know how the Target breach happened?)
3. Cybercrime is Easy
The technology that has fueled the digital transformation of business is the same technology that has created a whole cybercrime ecosystem. There are employment opportunities, payment systems and a whole marketplace of technology resources that don’t take a computer programmer to operate. Any would-be hacker can buy a kit for as little as $200 or sign up for a subscription to a software package for $50 a month. Cybercriminals even collaborate together to use each other’s expertise, and one will infect machines and sell that access to another to load a virus. Automation has also increased the sheer volume of businesses that criminals can touch and the chance of finding an unlocked door increases.
Complacency is No Longer an Option
In order to stand up a strong defense against cybercrime, SMBs need to talk about IT security concerns with the whole company, and implement measures with a multilayered approach. Technical defenses that protect against attacks and invasions are just as important as security training for employees, backed up by company policies that encourage and support a culture of awareness and responsibility. Security is a business concern and the repercussions of cybercrime can affect the very life of a business. The impact of a cyberattack can include loss of business during the attack, loss of company assets, damaged reputation, clean up after the attack, and possible litigation and legal fees. Complacency is no longer an option.
Learn more about how cybercriminals operate and what you can do to protect your business by watching our on-demand webinar - Cybercrime: Why Businesses are Vulnerable and How to Mitigate Risk.
- Symantec: https://www.staysafeonline.org/stay-safe-online/resources/small-business-online-security-infographic, http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf
- Verizon: http://www.verizonenterprise.com/DBIR/