Cyber Attacks Are Proving Costly For Small And Midsize Firms
According to Small Business Trends, since 2017 the average cost for a small to midsize business to recover from a data breach is $879,582. This price tag can be disastrous for small and midsize firms (SMFs).
Here are 5 reasons why SMFs are at risk.
Cybercriminals Do Not Discriminate
It’s not just large firms, corporations, and businesses that must worry about cyber attacks. SMFs are easier targets for hackers. Larger firms tend to have cybersecurity solutions in place because of the amount of private information they must protect, and they are able to allocate money and resources that put security higher on the priority list. For a hacker, trying to breach larger firms costs time and money and puts them at a higher risk of getting caught and facing prosecution.
Hackers target SMFs for several reasons:
- Outdated security updates
- Lack of resources for adequate cybersecurity solutions
- Valuable business data (customer information=identity theft)
- Access to larger firms through unprotected connections
A new technique in cyber attacks called ‘Spray & Pray’ uses automated attacks against IP addresses. Attacking IP addresses is not new, but using automation is. This concept uses intelligent automation techniques to perform mass cyber attacks in a short period of time. According to Computer Business Review, these attacks are so random and aggressive that if SMFs are vulnerable, they will be attacked.
92.4% of all malware is delivered through email. A small firm (fewer than 250 employees) can expect to receive an average of 9 malicious emails a month. For example, a firm of 20 employees can expect to receive 180 malicious emails a month. If security measures such as a firewall or email filtering falter, employees must make the right decision 180 out of 180 times or the firm can be attacked and compromised.
According to Verizon’s 2018 DBIR, human error was the cause of almost 1 in 5 security breaches. It is impossible to prevent 100% of these accidents. Where larger firms have an advantage over SMFs is in the amount of time and resources they have dedicated to proper security training. Statistics show 4% of employees will click on a phishing campaign. Hackers are still using tried and true methods to gain access to private data. With proper training, SMFs can reduce the likelihood of human error.
Whether a firm is large, midsize or small, being vulnerable to the wide array of security attacks is a reality. Where SMFs find themselves at a disadvantage is in the resources to educate themselves about the solutions that can keep their firm safe. Running an SMF comes with many challenges outside of cybersecurity. Understanding the technology available to prevent attacks can appear daunting and be put lower on the priority list than the day-to-day tasks, projects and activities that keep SMFs running smoothly. Confusion about necessary protection and costs keeps cybercriminals a step ahead of SMFs.
Here are some statistics showing that cyber attacks are hitting SMFs at a rapid rate:
- 58% of malware attack victims are categorized as small businesses. (Verizon 2018 DBIR)
- Since 2017, cyber attacks cost SMFs an average of $2,235,000. (Ponemon 2018 State of Cybersecurity in SMBs)
- 60% of small businesses say attacks are becoming more severe and more sophisticated. (Ponemon 2018 State of Cybersecurity in SMBs)
- Advanced malware protection and prevention is the #1 budget priority. (2018 IT Budget Priorities Report)
The Good News
A custom cybersecurity plan does not have to be complicated or expensive. Michael O’Neill, sales manager at Accellis Technology, tells us about the basics.
If you are a business or firm of any size, there are basic security measures you need to have in place. These basics include:
- Firewall Protection – This is the most basic protection that every firm should have in place. A firewall acts as a filter between the internet and your firm’s network and computers, protecting private data. In the cloud era, having a cloud-based firewall solution can provide uninterrupted network availability and robust access to cloud-hosted applications.
- Antispam – Spam accounts for 48% of all email traffic. These mass emails reduce productivity, clog inboxes, and make it easier to miss important emails. Antispam software is a necessary email protection strategy.
- Antivirus – Antivirus software looks at the data—websites, files, software, applications—traveling over the network to your devices. Antivirus software searches for known threats and red-flags behavior to block or remove malware as quickly as possible.
- Active Directory – This Microsoft technology provides a way to organize a large number of users into logical groups and subgroups, while providing access control at each level. The domain controller authorizes all users and computers in a Windows domain network.
- Windows Updates – If a firm is using the Windows OS, security updates are automatically downloaded. If you want to check for updates manually, select the Start button, then select Settings > Update & Security > Windows Update, and then select Check for updates.
Having the basics in place is a start, but SMFs are now moving to a higher level of protection due to the rise of cyber attacks over the last 5 years.
- BDR (Backup Disaster Recovery) – Disaster recovery means having a plan to quickly resume mission-critical functions following a disaster. Read more about disaster recovery from a trusted partner of Accellis Technology Group, Barracuda Networks.
- Anti Spear Phishing – Spear phishing attacks are carefully designed to elicit a specific response from a specific target. Attackers research their targets and craft a personalized message that gives the firm’s recipient the illusion of a trustworthy sender. The goals of these attacks range from requesting a wire transfer or sensitive or proprietary information to spreading malware or ransomware and taking over corporate accounts. Anti Spear Phishing software uses advanced artificial intelligence technology and security awareness training to combat these attacks.
- DMARC authentication (Domain-based Message Authentication, Reporting and Conformance) – Domain spoofing uses a company’s domain to impersonate someone working for the company. The DMARC authentication standard was established to block these domain spoofs. Over ninety-six percent of firms have experienced domain spoofing, intended to trick company employees, customers, or partners into sending sensitive information, transferring funds or launching spam campaigns.
Our team is ready to help SMFs evaluate their cybersecurity level, whether that means making sure the basics are in place or helping transition to more advanced cybersecurity solutions. Fill out the form below or visit our Contact Us page today to learn more!