We’ve Left the Light on For You
Small Businesses + Unpreparedness = Easy Cyber Attack
According to a recent survey, almost 80% of small businesses in the United States do not have a cyber attack response plan. That means there’s no contingency if those businesses get hit by a computer virus, phishing scam or ransomware, even though more than half (54%) have been the victim of some kind of cyber attack or breach. Small businesses are easy targets since many of them believe no one would bother to attack them or (and this is the best line) “we don’t have anything worth taking anyway.” Try justifying that line to your employees who are out of work for a month while you try to get your business back up and running (60 percent of those who did experience a cyber attack said it took longer than a month to recover). Sometimes small businesses are forced to close up shop because the cyber attack has catastrophically crippled their operation. Unfortunately, most small business owners have left the light on for hackers to exploit them and their resources.
“Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets.” – Mark Berven, president of Nationwide Property & Casualty
It’s past time for small businesses to realize there are serious threats out there and that they are the targets. Security breaches in the healthcare industry alone rose 33% between Q2 and Q3 of this year (and those are just the ones that disclosed a breach). In the month of September, nearly 247,000 patient records were breached.
“I’d say the threat level is critical. Small businesses lack the resources, the security and the multi-layer defense programs to help protect themselves. And it’s only escalating.” – Ed Cabrera, VP of Cybersecurity Strategy at Trend Micro
A Dynamic & Dangerous Landscape
According to Symantec’s Internet Security Threat Report, malware variants are increasing at a rate of about 40% per year, with ransomware increasing at 35%. Data from the U.S. Department of Justice earlier this year showed ransomware increasing by 400%, with nearly 4,000 attacks per day being reported. The FBI estimates that ransomware will become a billion dollar business this year. Between 2014 and 2015 zero-day threats (those for which there is no known defense) increased a whopping 125%. As threats increase, the anti-virus industry responds with new products and new virus definitions in order to combat the new threats. It’s a constant game of cat-and-mouse and anti-virus makers are often simply responding to existing threats rather than proactively protecting against new ones.
The recent attack utilizing networked devices such as security cameras and network video recorders highlights the creativity with which hackers are tuning their exploits. This attack, which affected a large swath of the Internet, impacted sites like Twitter, Amazon, Spotify, Netflix and some VoIP telephone providers. It was a broad attack utilizing a huge botnet and is a harbinger of things to come. Even more concerning for businesses is the continuing rise of threats on mobile devices. Threats on mobile devices increased a staggering 214% between 2014 and 2015. For small and medium-sized businesses that support a “bring your own device” policy, this is a serious threat.
Design a Cyber Security Plan
Assess the Risk
The consensus is clear: small and medium-sized businesses are considered prime targets for cyber attack. The risks are real and severe: a month or more to recover your operation after an attack, possibly having to close down your business altogether. With threats increasing in number and frequency and being deployed through multiple innovative channels, small businesses need a robust defense to safeguard themselves against the rising tide.
Build a Strategy
A robust security strategy should provide multiple layers of protection, including:
- Network infrastructure security
- Employee identity & password management
- Redundant data backup
- Server protection & monitoring
- Endpoint protection & monitoring
Count the Cost
Examine the costs of hardware and software required to harden your network and data against attack in the context of what it would cost in downtime, repair and recovery if your business suffered a cyber attack. Sometimes, it can be costly to set up the right network infrastructure and put products, services and procedures in place to secure your network and data. But often these costs pale in comparison to the cost of damage control after an attack. The I.T. Ranger offers robust security and data backup services that literally cost your business less than a cup of coffee per day per user. What’s more, our managed services include everything you need to protect your workstations, servers and mobile devices.
Fill out the form below to get your Cyber Attack Readiness Report: