Most small business owners could not imagine their business assets being the target of a cyberattack. The alarming truth is they have become highly valued targets in this cyberwar. In the midst of an economic recovery led by Small and Medium-sized Businesses (SMBs), these companies need to protect their corporate assets as diligently as large corporations do.
As many news contributors and politicians have said, “We are going to rebuild the economy on the backs of small businesses.” This reality has positioned SMBs as highly attractive targets to hackers wanting to disrupt our economic recovery.
The threat of cybercrime is ever-growing. As of 2016 cybercrime damage has reached $3 trillion annually, which is greater than the profitability of the combined world-wide drug trade. A cyberattack can be devastating, wreaking financial havoc and causing damage to reputation and loss of clients.
The reality of cybercrime
Historically, large businesses have been the principal targets of cybercrime, due to the large amount of “loot” (intellectual property, money, client information, etc.) that is available for the taking. However, SMBs are now becoming more enticing targets as larger corporations are strengthening their defenses and investing in cybercrime mitigations.
More often than not, cyber criminals are simply trying to find the easiest, most vulnerable targets to attack. SMBs typically hold the same type of sensitive information as large businesses but do not safeguard the information as vigorously as large companies do. SMBs have become more susceptible targets because they often lack the technical resources and expertise to maintain strong security defenses.
Total cost of recovery
While monetary losses are typically the main concern with cyberattacks, there are several other intangible factors at stake, including loss of reputation, risk of liability, and more.
Larger companies with significant financial reserves and ready access to legal support can typically weather a severe attack. However, an alarming 60 percent of SMBs go out of business after a cyberattack. For small and large businesses alike the cost of prevention is significantly lower than the cost of recovery.
Here are other alarming statistics:
- 43 percent of cyberattacks target small business
- 14 percent of SMBs rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective
- 48 percent of data security breaches are caused by acts of malicious intent
- 75 percent of small businesses have no cyber risk insurance
It is overwhelmingly clear that becoming cyber-threat aware as an SMB is critical for survival in today’s economy.
The ever-evolving threat of cyberattacks calls for proactive threat management. The landscape of cybercrime is constantly changing and ongoing vigilance is absolutely critical. SMBs should no longer expect that their IT teams alone are equipped to handle these threats. The prevention of cybercrime requires the effort of all employees, from the administrative assistants to the CEOs.
Defining and enforcing a company-wide security policy is key to a unified cybercrime defense.
To address the problem of cyberattacks, consider the following steps for a more stable and secure infrastructure—and a more peaceful night’s sleep:
- Start with a cyber security current state assessment. You need to understand where the vulnerabilities are to start the lockdown process.
- Create a ‘desired state’ definition for cyber security in your organization so that you know where you need to go. Steve Covey was famous for promoting “Begin with\ the End in Mind.”
- Document a remediation plan to protect your vital assets, close the gaps and lock the attackers out.
- Have a formal cyber security policy so your entire company knows what the expectations are, including strong passwords, remote access, and an intrusion response plan.
- Conduct a yearly or semi-yearly audit & penetration test. Threats change so we must be able to respond and validate the soundness of our defenses regularly.
- Work with reputable cyber security professionals who can provide references and who have a proven track record with SMBs.