Why Entrepreneurs and SMB Leaders Can't Afford to Ignore Cybersecurity

blog-img-4

Small businesses have long been considered unlikely targets for cybercriminals — why would anybody go through the time and effort to attack SMBs when the big fish are right there, ripe for the taking? What does my small business have worth taking in the first place? Nobody would ever waste their their time attacking me, right?

Unfortunately, the majority of small business owners share this line of thinking. A poll by Manta has revealed that a shocking 87 percent of small business owners do not “feel that they are at risk of experiencing a data breach.” The truth, however, is far from comforting, and indicates that more small business owners should be concerned.

The Ponemon Institute’s 2016 State of SMB Cybersecurity report surveyed 600 IT leaders of small and medium sized businesses, and in their words, “the results are clear: no business is immune to a cyber attack or data breach.” In fact, a surprisingly high number of SMBs were breached in 2016. The results of the report showed:

  • 50% of SMBs have been breached in the past 12 months.
  • The most prevalent attacks against SMBs are web-based and phishing/social engineering.
  • 59% of SMBs have no visibility into employee password practices and hygiene.
  • 65% of SMBs that have a password policy do not strictly enforce it.

Considering that almost half of all small businesses were hit by a cyberattack in the year 2016, and that almost nine out of ten of those same businesses feel/felt that they are/were safe from said attacks, there’s obviously a disconnect in the thinking somewhere. With the way that the global cybersecurity landscape is evolving and with the threats that are arising from that landscape, there’s absolutely no way that today’s business leaders can afford to ignore cybersecurity.

Threats on the Rise

One of the reasons that the world has seen such a marked increase in malware is simply that malware has become more affordable. SecureWorks’s “2017 State of Cybercrime Report” highlights that even those without strong skills or knowledge related to hacking or data securities can now afford tools to aid them in cyber crime. These include spam bots and botnets as well as precompiled binaries and other tools — not to mention malware/hacking as a service (MaaS / HaaS). Generally these types of tools and services are purchased via the dark web and other shady corners of the internet.

One of these products is ready-to-deploy malware, which includes ransomware. Ransomware became well-known around the globe after one strain of it, WannaCry, infected 75,000 computers in over 99 countries on its first day in the wild. SC Magazine points out that there are over 200 new ransomware variants (up 122 percent since last year), and that they vary in how effective they are. The most effective will encrypt your hard drives, be they on personal computers, servers, whatever, and unless you pay the attackers a ransom in cryptocurrency your systems will remain inaccessible forever.

To make matters worse, the skills and information that it takes to protect against and respond to cyber attacks gets more complex. According to ECPI, the cybersecurity professional shortage is defined by the fact that in the U.S., 200,000 cybersecurity jobs are available annually, yet 40,000 of those jobs go unfilled — this same number could rise to two million globally if something isn’t done about it, spelling bad news for businesses around the world.

Human Error and Threats in the Cloud

Unfortunately, all of this spells bad news for entrepreneurs and small business owners, who are generally less prepared to deal with cyber attacks than bigger organizations are. While enterprise-level corporations have the budget for complex prevention and response systems, as well as the budget to deal with the monetary loss that comes with a breach, smaller organizations might end up going out of business as a result of just one attack.

Larger organizations also benefit from larger training budgets, and they can dedicated them to ongoing employee education toward identifying cyber threats and mitigating these risks. In the face of the cybersecurity skills gap, this type of training is essential, especially when human error and employee ignorance are the root of many breaches, causing Harvard Business Review to proclaim that the biggest cybersecurity threats are inside your company, and capitalized upon by outside actors.

The problem of human error inviting attacks is one that spans beyond your company, however, and may end up affecting anybody that uses cloud computing services. Sgt. Mark Varnau of the San Diego County Sheriff’s Office is also the law enforcement coordinator for the Computer and Technology Crime High-Tech Response Team, aka CATCH. In an article with San Diego Union Tribune, Varnau warns that cyber criminals are setting sights on the cloud next.

“Ransomware will attack the cloud,” he said. “They’re not there yet, but it is a matter of time.”

This ups the ante, and adds another potential threat vector for entrepreneurs to worry about, considering that 85 percentage of enterprises have a multi-cloud strategy, according to Right Scale’s “2017 State of the Cloud Survey”. Small businesses are also increasingly turning to cloud solutions for day to day operations, meaning that they need to consider the threats that may arise from cloud data loss and breaches.

Entrepreneurs and SMB leaders must take into account that they are now considered “easy” targets by cyber criminals, especially if they they think they aren’t. That, compounded with the rise of accessible, ready-to-deploy malware, the cybersecurity skills gap, and the threat of human error ensure that business professional who don’t take cyber security seriously will see their organizations hit hard by malicious actors. Don’t let yours be one of them.

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, 18 September 2018
If you'd like to register, please fill in the username, password and name fields.

Member Login

Business Insights & Tips

Leaderboard

1
Ron Immink
731 Points
2
Michael Lane
702 Points
3
Fionan Murray
665 Points
4
Jill Holtz
501 Points
5
ContentLive
252 Points
View Leaderboard