One malicious email. One unsuspecting recipient. One click. This rapid sequence of events is often all it takes for a cyber threat, targeted at a company, to balloon into something that puts the entire business network in jeopardy.
"Small business cyberattacks may not lead to the biggest headlines, but they're a huge problem for enterprise owners."
Cybercrime: A big problem for small business
There's not a single industry type – or size of company, for that matter – that's immune to cybercrime. But that doesn't mean that all victims of cybercriminal incidents get the same airtime in the media. The cybercrime attack headlines we see tend to be the huge ones. Anthem breached – $100 million lost. Blue Cross hacked – 11.2 million customers impacted. These are the big headlines – the ones that deal in millions.
But while large-scale cyberattacks command the headlines, the pervasive problem of small business hacks should not be ignored. Oftentimes, hackers love to hone in on small company targets – and just because these attacks aren't landing in your news feeds doesn't mean they aren't a huge issue. Between 2011 and 2012, for instance, one report found that cyber incidents involving small companies shot up by 300 percent, as Small Business Trends reported. At an April hearing of the House Small Business Committee entitled "Small Business, Big Threat: Protecting Small Businesses from Cyber Attacks," Chairman Steve Chabot stated that, "the majority of cyberattacks happen at small businesses. In fact, 71 percent of cyberattacks occur at businesses with fewer than 100 employees."
There are some key reasons why small business attack numbers are on the rise. First of all, smaller organizations tend to lack the dedicated and often expansive IT infrastructure of larger businesses – and this is something that hackers know and take advantage of. Additionally, SMBs tend to not have as much disposable money to spend on protective measures like advanced data security tools. When cybercriminals generalize about small businesses, they think of organizations that have neither the workforce nor the monetary resources to defend against even relatively simple attacks. But it is time for small businesses to prove these hackers wrong.
The right move: Creating a company culture around cybersecurity
The last thing any business wants is to suffer a major hack, but for small companies, the consequences can be particularly hard to endure. As a study from Kaspersky Lab uncovered, a small organization that suffers an average data breach will end up shelling out around $38,000 in direct costs. And that is not even factoring in the costs incurred from the reputational impact that inevitably follows a breach.
As Chris Doggett, Kaspersky Lab North America's managing director, asserted, "The high cost associated with addressing a cyberattack after an incident occurs is quite alarming … These numbers should serve as a wake-up call."
Doggett is right. After all, $38,000 is a significant chunk of change to pay for something that is too often preventable for a lot less money. Fortunately for small organizations, the ticket to preventing a hack doesn't center around rolling out expensive security procedures that will be cost-prohibitive for companies operating at a smaller scale. Instead, as the ACA pointed out, one of the best steps SMBs can take is to build a culture of cybersecurity. Getting this culture rolling is based on several key (and cost-effective) steps:
- Across-the-board training: Cybersecurity issues are company-wide issues, and enterprise training should reflect that. The first step to having a company culture that is proactive about cybersecurity is to ensure that all workers have at least a basic understanding of the security measures that the business has in place.
- Reminders of good cyber habits: Spear phishing attacks are a favorite among hackers, since the process – which involves having an unsuspecting victim click on a malware-laden email or link – requires very little work from the cybercriminal to perpetrate. To prevent against these broadly used attack types, company leaders should ensure that their staffers are kept abreast of the fundamentals of cyber safety.
The virtues of managed SIEM
Security information and event management technology centers around offering businesses the kind of real-time monitoring and alerting that can stop an intrusion from reaching catastrophic proportions. When SMBs pursue a robust managed SIEM solution, they are able to augment their cybersecurity-focused company culture with a solution that is built to handle detection and response in a growing threat atmosphere. That way, issues are detected before they balloon into business-ending situations.
Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of managed SIEM services.