November 08, 2017
What SMBs Can Do To Protect Themselves From a Cyber Attack
...Even When Large Companies and Nation-States Are Spending Millions And Are Still At Risk
According to an article by CNBC, in 2015 and 2016 hackers breached 50% of small businesses in the United States. Here’s what this means in absolute numbers: there are 28 million small businesses in the US, and over 14 million of them were hacked.
Often, you will hear news on TV about breaches at big companies, such as the 2013 Target breach, the 2017 Equifax data breach, the 2012 hacking of LinkedIn and the 2014 Yahoo incident in which hackers stole data from at least 500 million Yahoo user accounts. What you do not often hear is that these incidents represent only a small portion of hacker activities and that more than 70% of hacker attacks target small businesses.
Out of those companies that were hacked, 60% went out of business in the following six months. In other words, there’s a 60% chance that if you ignore this risk, it will destroy your business. The reason why most small and medium businesses can’t recover after a breach is that they simply don’t have the resources to deal with the consequences. A big company can settle claims with clients and can invest in new infrastructure. A small company often doesn’t have the funds to do that and has to shut the doors.
Why Are These Numbers So Staggering?
Most small and medium businesses do not realize that they are at risk. They see news about big companies dealing with cybersecurity issues and think that hackers focus on big companies. They don’t realize that the news doesn’t focus on the 70% of hacker attacks that hurt small businesses.
Because of this, they don’t do anything to protect themselves or don’t do enough. They are not just vulnerable. They are completely exposed and open to hackers, which is the main reason why 50% of them get hacked.
A small business often operates on limited funds and doesn’t have a big IT department. These companies usually don’t know how to get started when it comes to increasing their cyber-defenses.
What You Need to Understand To Not Become A Victim
While cyber attacks and hacking are relatively new types of human activity, just like the Internet is a relatively new invention, they are also examples of illegal, criminal behavior. Criminal behavior is an area of life that scientists have studied extensively for centuries. Police, the FBI and other government law enforcement agencies can fight crime quite effectively, and they are the ones you need to learn from. Once you understand the logic and the strategy, coming up with tactics and specific things to do, including the defense of your business online, is much easier.
To understand how to deal with criminal behavior, you need to understand the psychology of criminals. What do criminals want? They want to cause harm, and in most cases, they have a rationalization or explanation for performing the activity, but they also know that it is illegal.
Criminals want to avoid the consequences of their illegal activities. Because of this, criminals try to spot victims that look easy. A burglar is not going to enter a home that has lights on, music blasting and people on the front lawn. He or she is going to move on and look for a house that looks empty.
This is a very important point you need to understand. If your home is surrounded by dark empty homes and yours has lights on, you are most likely not going to become a victim of a burglary. All of these examples apply perfectly to the cyber world. Hackers are looking for websites, businesses and systems that look easy to hack. They may be willing to spend more time trying to hack a large company, but if you are a small or medium business, they are likely to decide that you are not worth the effort. You do not want to look like an easy victim. This means that while you may not be able to make your business 100% impenetrable, you can make it hard enough so that the hackers will simply go elsewhere, just like a burglar will go elsewhere after noticing a home with lights on and people moving inside.
Affordable Options That Can Reduce The Risks Significantly
If you’ve read this far, you understand that doing nothing is not an option and you can’t afford to stay completely open to attacks. The good news is that there are a lot of affordable options for cyber protection. A great first step is to start with an assessment of your risks and vulnerabilities. Common risk areas for the majority of small and medium-sized businesses today include cloud services, legacy software and technologies, and possible human mistakes.
A holistic assessment should go beyond vulnerability scans and network penetration testing, which will only give you a partial picture of your risk profile. You will also want to interview executives and employees to understand what process gaps and human elements are increasing your exposure. You should walk away from an assessment with a list of remediation steps you can take to start shoring up your defenses. This list is prioritized with your business needs, resource availability and risk goals in mind.
The second step is to invest in proactive, ongoing monitoring. Not only do you need to be able to detect and sift through the constant barrage of malicious threats crossing your network every hour, but you also need to understand the integrity of your infrastructure in real time.
It may seem overwhelming, but a Managed Security Service Provider can help you get started. Leave it to the experts to define the steps, secure and upgrade your vulnerable systems and hardware, contain and clean up any current infections, and design your disaster recovery plan. Once this is in place, you’ll be able to restore systems, back up data and get up and running again quickly in the event of a ransomware or other type of attack. Most importantly, you could avoid being one of the 60% of companies that may have to close their doors.