Earlier this year, Microsoft president Brad Smith called on nations to adopt a so-called Digital Geneva Convention. While aimed at world governments, I doubt few would argue the need for a set of international laws governing every nation, state, and human on issues of cybersecurity.
We can all probably guess why: Cybersecurity is one of the greatest threats we face today. For some context, consider that McAfee estimates the global economic cost of cybercrime and cyber-espionage at between $300 billion and $1 trillion per year.
Also think about the explosive growth of ransomware, a phenomenon by which a user’s or business’ data is hacked and held for ransom. Per a report published by SonicWall, ransomware rose from 3.8 million attacks in 2015 to 638 million in 2016. Yes, you read that right: There were 167 times more ransomware attacks in 2016 than 2015. (Verizon’s newly released 2017 data breach report also found significant growth in ransomware attacks.)
While it’s true that large corporations may be the most lucrative targets for hackers, it is the small businesses that hackers are now after. Indeed, 60% of all targeted cyberattacks in 2014 struck a small or midsized business. Shockingly however, most small businesses remain unconcerned about cyberattacks. According to a 2016 report by the National Federation of Independent Business, small business owners rank cybercrime 51st out of 75 possible business concerns.
Small businesses make for ripe targets for a host of reasons. For one, they often lack the security resources of larger corporations. They are also often a gateway to larger corporations. Many people remember the 2013 hacking of Target, but fewer know that the company was hacked through its much smaller HVAC vendor.
Even so, there is one bigger, more glaring reason why cybersecurity should be at the top of every small business’ list. It is estimated by the National Cyber Security Alliance that 60% of small businesses go out of business within six months of a data breach. And, as the Denver Post reports, “the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; … for middle market companies, it’s over $1 million.”
How small businesses can protect themselves
For starters, when it comes to your business applications – things like your financial, marketing, and production systems – one of the smartest moves small businesses can make is to move to the cloud.
The advantages are compelling. They include the constant monitoring of infrastructure by highly trained solution providers. Also, secure servers are hosted in a variety of locations, safeguarding data better than an in-house data center. And, need I mention the convenience aspect? Think about it. Things like data storage, security patch management, vulnerability scanning, Web application firewall, advanced threat management (you get the idea) are no longer your problem, but your cloud provider’s. And these things are managed better, which in turn makes your business more secure.
Yes, there have been high-profile cases of cloud security breaches – say, Target and Apple’s iCloud. But, as Trip Wire points out, these “breaches were a result of human error, not shortcomings of the cloud.” In fact, human error is the primary cause of the majority of security breaches. A 2014 IBM report indicates that, in more than 95% of all the security incidents they investigated, human error was a factor.
Another way small businesses can improve their security – regardless if they’re fully cloud operational or not – is to improve collaboration between their chief security officers and their security and application teams. This is something small and midsized businesses can fix tomorrow. It’s amazing to me that in 2017 these groups often remain siloed from each other. Organizations are letting this happen at their own peril.
Breaches via mobile devices are another burgeoning security concern. According to an Intuit eBook: “Nearly half of small business owners use a smartphone as the primary device to run their operations.” As smartphone use and capabilities continue to boom, and as “bring your own device” policies continue to grow, mobile will increasingly become a security concern. We’re already seeing some of the problems. These include connecting to public WiFi hotspots, which can expose your data or be malicious. VPNs are a simple fix to this problem, yet, according to CNBC, it’s a step only 18% of consumers take.
The need for up-to-date cybersecurity measures is something that is growing in importance. As cybercrime evolves and as its reach and impact increase, it will demand more and more attention. This especially true for the small business community, which can no longer afford to remain blissfully indifferent, not when their entire business is on the line.
For more on the high cost of cybercrime, see The Future of Cybersecurity: Trust as Competitive Advantage.