If you follow ANY news these days, you can’t help but become aware of more and more data, privacy, and/or security breaches, along with how customers of those businesses impacted are also affected by them.
To be honest, given the volume of these incidents, it would be understandable for small and mid-sized businesses to simply give up and believe that if larger enterprises are defenseless against them, then they must certainly be as well! Additionally, a common misunderstanding of small to mid-sized business is to believe that they simply aren’t worth the hacker’s time and effort, leading to even more haphazard cybersecurity practices. Quite the opposite is true, however, as most hackers have an even greater understanding of the value of the data they are stealing than the organization being compromised!
This sort of defeatist thinking can be very harmful to your business and leave your private data (and that of your customers) even more vulnerable. In fact, the growing number of disclosed incidents means that cybersecurity measures need to taken even more seriously! Appropriately implemented, these measures can effectively minimize your risk of a breach and will help to instill customer confidence.
Below are three cybersecurity myths that your business should simply NOT believe!
1. We’re Too Small To Be Hacked
As mentioned above, a significant miscalculation made by small & mid-sized businesses is that they believe they are too small to be the target of hackers. This error in judgement can lead businesses to believe that they don’t have to invest in their cybersecurity. However, the opposite is quite true. Hackers target small businesses because they are easier to attack. Since these organizations have a lot of data but little protection, it is actually easier for hackers to successful gain access to the information they want.
2. Cybersecurity Is IT’s Problem
It’s easy to push the problem to be the responsibility of the IT department (if you even HAVE an IT department!), but that thinking doesn’t solve anything. The security of an organization’s data is not an IT problem, but rather a problem for the business as a whole to ensure is addressed. Granted, the IT department (again, if there is one) needs to protect the data and understand how it’s important, but the business needs to also understand how it’s important, and how it can be appropriately secured, backed up and restored if it was to ever be compromised.
3. Antivirus Means We’re Covered
Having a decent antivirus program is important and a good start … but it is simply NOT enough. Antivirus programs can protect you from certain attacks but won’t be able to protect you from others. That’s why it is crucial to have a multi-layered approach to security … thereby ensuring that you have other ways to cover your security needs. For instance, no antivirus program will ever be able to address human error due to phishing emails or other mistakes (this would require established cybersecurity guidelines for employees to follow).
Fact #1: The Cost of Cybercrimes Is Increasing
By 2021, cybercrimes will cost $6 trillion per year worldwide. The cost of cybercrimes has almost doubled over the last five years, up from $3 trillion in 2015, according to a report published by Cybersecurity Ventures. This includes not only stolen money and ransom, but also the value of lost productivity and intellectual property, data theft, business disruption, reputational harm, and more. Experienced cybersecurity professionals can help reduce this cost for their organizations by putting protections into place, firming up security policies and identifying vulnerabilities before attacks happen.
Fact #2: Ransomware Attacks Are Everywhere
Businesses experience ransomware attacks every 40 seconds. According to Kaspersky Lab, between January and September 2016, businesses experienced ransomware attacks once every 40 seconds, up from the previous rate of once every 2 minutes. Also, in 2016, the number of daily ransomware attacks jumped 300%, from 1,000 per day in 2015 to 4,000 per day in 2016, and nearly one-fifth of hacking attacks included ransomware. As the threat of ransomware continues to increase, it’s important for organizations to have a response plan in place when (not if) it happens to them.
Fact #3: Malicious Emails
1 in 131 emails is malicious. More than half of all emails are spam, according to Symantec’s 2018 Internet Security Threat Report, and the amount of spam containing malware continues to increase. Today, malware has gone pro, with authors outsourcing spam campaigns to specialists, and the scale of these operations indicates profitability, which means they will likely continue, according to Symantec. Training staff to use caution with unknown emails can be the first line of defense in cybersecurity.
Fact #4: Network Vulnerability Is Pervasive
Attackers reside within a network for an average of 146 days before being detected. Although this number has dropped from a prior 200-day average, the fact that hackers can dwell undetected for almost five months should raise red flags. Experienced cybersecurity professionals can not only identify and analyze anomalies on the network, they can manage vulnerabilities before an attack occurs.
Fact #5: Need Outpaces Availability In The Cybersecurity Profession
Apart from the reality that cybersecurity is everyone’s responsibility, from the help desk to the CIO and even non-IT employees, unfilled professional cybersecurity roles will reach 3.5 million by 2021. In fact, the number of jobs specifically in the field of cybersecurity will increase exponentially in the next five years. And Cybersecurity Ventures estimates that by 2021 every large company globally will have a chief information security officer (CISO) in seat, compared to the 65 percent that have one now and the 50 percent that did in 2016.
Fact #6: IoT Devices Create New Vulnerabilities
An IoT device can be attacked in less than 2 minutes. By the end of 2017, the world had 8.4 billion connected devices, up 31 percent from 2016, according to a Gartner study. While consumers are driving the adoption of IoT devices, companies will spend an estimated $964 billion on IoT hardware this year. Cisco estimates that the number of IoT devices will be three times as high as the global population by 2021! But what do connected devices have to do with cybersecurity? Not all IoT devices are created equal when it comes to security – some are put on the market so quickly that they have vulnerabilities, and the consumers using these devices may not set them up securely when they bring their own devices to work, exposing their employer to cyber-threats. IT pros need to apply behavioral analytics to IoT devices in the same way they do to computers, servers and the network. Anything could be vulnerable.
AUTHOR: Wade Richmond is the founder and CEO of CISO ToGo, a cybersecurity firm specializing in the needs of small and medium sized business. Wade has 33 years of experience in IT, including Chief Information Security Officer roles for such large enterprises as BJ’s Wholesale Clubs, Ahold USA, Sensata Technologies, GTECH Corporation, Citizens Financial Group and CVS Pharmacies. In these positions, he has been responsible for providing leadership and direction to all cybersecurity and IT risk efforts associated with information technology applications, communications and computing services. To find out more information, please visit www.CISO-ToGo.com.