How often do you read news about major data breaches that have happened at multinational companies? The answer is probably a lot. This is unsurprising because data breaches (or any cyber attack) of that scale will affect countless people’s lives. As far as newsworthy goes, these attacks more than qualify.
This can lead many to assume that big companies are the only targets of malicious attacks, but this is far from the case. In truth, small to medium-sized businesses (SMBs) are frequently under threat of cyber attack, and they are almost always less capable of defending themselves.
This has led to a state of affairs where, with advancing complexity like cyberattacks, SMBs are having to adapt to a new decade where they will find themselves the targets of cybercriminals. After all, while the potential spoils of hacking a company like Amazon are enormous, it is far easier to attack a poorly guarded SMB.
Increasing Rate of Cyber Attacks on SMBs
Cyberattacks on SMBs aren’t just dangerous, due to limited cybersecurity budgets, they’re also increasing. In a study by the Ponemon Institute -who specializes in security research- it was shown that SMBs are facing a new challenge they need to tackle head-on. The study, labeled “The 2019 Global State of Cybersecurity in SMBs”, stated that over the last three years SMBs have seen an increase after the increase of cybersecurity attacks.
This conclusion was drawn from a survey of over 2000 IT security practitioners across the world. It found that cybersecurity attacks against UK, US, and European businesses were growing not just in frequency, but in the sophistication of the attacks. Malicious strategies such as ransomware, malware, and DDoS have all been on the rise, and in many instances are harder to prevent than ever.
Almost half of all survey respondents stated that their business security was substandard and that they had no incident response plan in place. Cybercriminal attacks are evolving with more rapidity than ever, and more and more companies of all sizes are finding themselves in their crosshairs. Far from being limited to loss of money, the costs of many attacks extend to a significant loss of credibility, to catastrophic damage to business systems. The report also noted that rather than being isolated to a single nation, cyber-attacks are a worldwide phenomenon.
The increase in attacks is more dramatic than most would realize. Over three-quarters of all US companies surveyed were attacked in the last year; an increase of 55% from 2016’s survey. Across the world, 66% of all businesses reported being victims of an attack in the past year as well.
Attacks that are built around deception are more popular than ever. The study noted that sophisticated phishing techniques accounted for half of all attacks, and stolen devices and credential theft accounted for a third. These were by far the most common attacks faced by SMBs across the world. The cost to businesses from such attacks was invariably data loss.
Globally, over 60% of all businesses suffered a loss of customer or employee information in the last year. Which, given how many companies process sensitive information, when accepting online payments and other transactional details, can leave businesses at risk of hurting their customers as well as themselves.
The Cost of Emerging Technologies
More and more, SMBs are adopting new emerging technologies to stay competitive in the marketplace. The internet of things, mobile apps and devices, and biometrics are all becoming more and more commonly used, but the security competence that is required to go with them is less so.
Across the Ponemon survey, it was shown that 50% of businesses were using mobile devices to access enormous quantities of their business-critical applications. Yet at the same time, an almost identical portion of the same businesses reported that mobile device usage left them vulnerable to a cyber attack.
Additionally, 80% of businesses report that they believe a security breach across unsecured IoT devices could destroy their business. But despite this, only 20% of them monitored their IoT devices for security risks.
More reassuring is the fact that biometrics may be becoming a mainstream technology for businesses of all sizes. If SMBs can implement biometrics to add multiple-factor authentication to their business-critical apps, this will go a long way towards securing them against attackers.
How SMBs Can Protect Themselves Against Cyberattacks
There are several steps that SMBs can take to protect themselves against cyber attacks. By far the most important among them is to educate employees at every level of the organization about the cyber attack risks they are facing, and the correct measures to ensure they are protected from small to high-level malware threats. A business that isn’t ignorant of threats around them is far less likely to fall prey than one that is.
As countless cyber-attacks begin with an unsuspecting employee opening a seemingly harmless phishing email, they must understand how to identify these threats. There are countless free training options available that can help employees to spot threats in real-time. Likewise, instructing your employees on correct procedures when working on an unsecured network can help to prevent bad agents from spying on their activity. Investing in both training and a top-line encrypted virtual private network (VPN) can help to prevent this issue.
The second most obvious solution is to recognize the need for increased cybersecurity spending. Although this may hurt total profits, it will hurt a lot less than a potential data breach or an advanced ransomware attack. Many third-party cybersecurity companies can be hired to assess your level of security and help to identify any vulnerabilities. They can then provide you with tools and real-time monitoring to protect your business before, during, and after any threats.
Likewise, many companies provide software and tools that help to protect smaller businesses from cybersecurity threats. These can help to secure your entire working environment, whether it’s on macOS, Windows, iOS or others. Many of these solutions can be installed in a few minutes, and will greatly improve a business’s level of security.
Wrapping it Up
Small businesses have never been at greater risk of a cyber attack than they are now. But while this may seem like terrible news, it doesn’t mean they are powerless. By recognizing the level of threat and appreciating the need for action, small businesses can make sure their level of security is adequate for the changing decade.
About the author: Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphasis on technology trends in cyberwarfare, cyberdefense, and cryptography.