1/24/2019
10:30 AM

Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses

The big corporations may grab the headlines, but America's SMBs have the most to lose in the aftermath of a data breach.

From Equifax to Under Armour to the recent news from Marriott, it seems that every week brings a new headline regarding a major data or security breach. The Marriott hack is just the latest in a long line of high-profile cyberattacks, with the hotel giant revealing that a massive breach exposed the personal data of more than 500 million customers.

But though the big corporations seize the cyberattack headlines, America's small and midsize businesses may have even more to lose when it comes to the ramifications of a breach. From the immediate damage (both financially and in terms of hours of lost productivity) to the lasting harm to a company's reputation and brand credibility, the stakes for cybersecurity have never been higher for smaller businesses. According to the US National Cyber Security Alliance, an estimated 60% of small companies will go out of business within just six months of a cyberattack, illustrating the real-world consequences of inadequate cybersecurity measures.

As technology advances, so will the prevalence and scope of cyberattacks. Every day, the Internet of Things (IoT) is making our world more interconnected, with an estimated 20 billion IoT devices expected to be deployed by 2020. With this increased connectivity and greater reliance on mobile technologies come additional points of vulnerability — and the potential for greater damage from cyberattacks launched by criminals, nation-states, and other bad-faith actors.

The Risk for Small and Midsize Companies
This is the new reality of the digital world, and public and private entities — from government agencies and multinational corporations to small and midsize businesses — must be prepared to place a higher priority on implementing cybersecurity measures.

In the case of small and midsize businesses, statistics show that they are not only just as vulnerable to a breach, but the consequences of such an event can be downright catastrophic. According to data gathered by the Ponemon Institute, the percentage of small businesses that have experienced a cyberattack climbed from 55% in 2016 to 61% in 2017. In Verizon's 2018 Data Breach Investigations Report, 58% of malware attack victims were categorized as small businesses.

The most alarming statistics, however, relate to the potential monetary and long-term impact of a breach. The Ponemon study notes that in 2017, the average cost of cyberattacks on small and medium-size businesses was more than $2.2 million, with malware-related costs averaging more than $1 million in damages or theft of IT assets and more than $1.2 million as a result of the disruption to business operations. Those are staggering numbers — and they help explain why an estimated 60% of small companies go out of business within six months of a cyberattack.

How to Protect Yourself 
Given the high stakes that come with a potential breach, small and midsize businesses can take steps to protect their most vital and confidential information. To start, organizations must have a cybersecurity plan in place that will protect their assets and maintain the profitability of the business. Here are three recommendations for building out broader cybersecurity protocols:

  • Have a cybersecurity audit performed by an outside source. Even if you are confident that your IT department has the organization covered, there are major benefits to having another set of eyes that are divorced from the daily processes of your business to evaluate potential vulnerabilities within the organization. While security and technological performance are both tied to IT, having an experienced cybersecurity professional devoted to just the security aspect may reveal unforeseen vulnerabilities.
  • Create an organizationwide policy that fits the unique needs of your business. There is no one-size-fits-all approach when building out preventative cybersecurity measures and recovery protocols. This means each organization must sit down and identify what companywide information is invaluable to the business, where it is located, how potential hackers could gain access to this information, and what measures could be put in place to prevent or mitigate the damage of a cyberattack.  
  • Implement awareness programs that emphasize the importance of proper "cyber hygiene." Maintaining the digital security of an entire organization extends far beyond technology and firewalls. Human error often plays a significant role in a breach. Every employee, from the C-suite down, is responsible for exercising good judgment and following companywide cyber protocols. As such, implementing employee training programs is a critical way of informing and reminding employees of potential threats.

Bottom line: Investing in cybersecurity will protect the clients and IP revenue, and create business resilience, thus securing the future of your business.

Tom Ridge, former Secretary of the U.S. Department of Homeland Security; Chairman of Cybersecurity and Technology, alliantgroup
Tom Ridge served as the nation's first Secretary of Homeland Security, leading an agency of more than 180,000 employees responsible for ...
Comments
UdyRegan,
User Rank: Apprentice
2/14/2019 | 1:14:32 AM
Small means easier
It is the mentality of small and midsize business owners which assumes security isn't their biggest concern. Little do they know that they could actually wind up for good as soon as even the slightest hack were to hit them. Since they are small, it becomes even easier to consume them whole.
michaelmaloney,
User Rank: Apprentice
2/11/2019 | 12:28:08 AM
Teach and tell!
Small businesses balk when they see the price tag that's attached to security solutions. I think that if they had access to better security products for their company systems, a lot more people would be willing to dig out the money from storage to pay for such protection! It's really a matter of showing them what options and alternatives are available for their own good...
REISEN1955,
User Rank: Ninja
1/30/2019 | 2:47:35 PM
Re: As a consultant for small business
Good and not good - the cloud by itself is not a guarantor of protection - if anything, it then opens up another can of potential worms and infections even less understood or visible to the client or consultant sometimes.  Remember the wisdom of dear Woz several years ago - there is no security in the cloud.  Wozniak was rarely if ever wrong. 
Dr.T,
User Rank: Ninja
1/29/2019 | 10:52:05 AM
Audit
Have a cybersecurity audit performed by an outside source. I think this is where it needs to start. Without an audit we would not know what is vulnerable in the environment.
Dr.T,
User Rank: Ninja
1/29/2019 | 10:50:33 AM
Re: As a consultant for small business
malware and forensics for SMALL business that cannot afford A CIISP or similar level of expertise. That is good. Lots of companies are looking for these types of services.
Dr.T,
User Rank: Ninja
1/29/2019 | 10:49:36 AM
Re: As a consultant for small business
Now my backup and restore protocols were very very good indeed. That is good. Backups help a lot of course against ransomware. It needs to go beyond that to stay secure.
Dr.T,
User Rank: Ninja
1/29/2019 | 10:47:43 AM
Re: As a consultant for small business
small business - server, workstations, virus and malware support. Makes sense. Today small businesses are more complex than that but also they have help. They can go with a Cloud solution to keep themselves secure.
Dr.T,
User Rank: Ninja
1/29/2019 | 10:45:22 AM
58%
58% of malware attack victims were categorized as small businesses. It looks like more small businesses than not. I would think the number is higher since we hardly hear of any breach that happened in a small business.
REISEN1955,
User Rank: Ninja
1/24/2019 | 3:12:04 PM
As a consultant for small business
Several years ago I was self-employed as a consultant for small business - server, workstations, virus and malware support but for the latter two I did the basics and no real knowledge until moving to Georgia and employed with a malware forensics shop.  WOW.   What I did not know.  Now my backup and restore protocols were very very good indeed.  I survived September 11 in the south tower and am familiar with restore in an environment from hell.  Over 1,000 systems.  Aon.  So I was good at that aspect for business but down here, I anticipate re-starting my business for this purpose - malware and forensics for SMALL business that cannot afford A CIISP or similar level of expertise.   For small biz - there is no one manning the fort at all.  I intend to change that.