Many firms think that they’re too small to be of any interest to hackers, and assume that the headline-grabbing breaches of large corporations are all that the criminals are after.
But just as muggings are more common than massive bank heists in the physical world, small scores are the most frequent target of cyberattacks in the digital one. The 2018 Verizon Data Breach Investigations Report found that 58% of victims were businesses with fewer than 250 employees.
The costs can be enough to put many smaller enterprises out of business for good. Research from Accenture found that the costs from malware and malicious insider cyberattacks jumped 12% in 2018 and accounted for a third of all cyberattack costs. The average hit was $2.6 million per organization for malware attacks, and $1.6 million for malicious insider attacks.
So, why are cybercriminals turning to smaller organizations?
1. Small enterprises don’t always protect themselves
All too often, smaller enterprises think they can stay under the radar of cybercriminals, and they don’t see cybersecurity as a worthwhile investment given its perceived expense. Because the result of good cybersecurity is the absence of data breaches or malware, its value is somewhat invisible: business leaders may think that the lack of attacks is because they’re just not at risk.
2. Small enterprises rarely educate themselves
Even when smaller firms invest in the equipment they need to help protect themselves, they don’t take the additional necessary step of educating their employees. Malware, in particular, is frequently traced back to a human factor (whether willful or accidental). Continuous training of employees on good password policy, what malware and phishing attacks might look like, and other cybersecurity strategies is essential.
3. The proliferation of devices changes the game
For businesses large and small, the growth in portable devices provides new attack points for hackers. From mobiles to fitness wearables, your employees, clients, suppliers, and partners unwittingly carry potential backdoors onto your business network all the time. If your employees take business devices home with them, they may also put the company at risk of breach by using them on an unsecured or open network. Your firm needs a BYOD policy and reliable VPN solutions for portable devices, be they personal or professional.
4. A lack of expertise
Not every small enterprise can afford a cybersecurity specialist on its IT team. Even if the funds and the will to hire tech talent are there, it gets increasingly difficult to find qualified candidates as the talent gap expands. Without the resources for in-house expertise, small enterprises need to consider outsourcing or retaining a managed service provider for their IT security needs.
5. Concentrating on protection instead of detection
Security software, patching vulnerabilities, and training your employees are all important parts of cybersecurity. But today, breaches and successful attacks are inevitable. Too many companies focus solely on stopping intrusions and are incapable of spotting malicious actors once they’re on the network, so they cannot stop them before they wreak havoc.
Arctic Wolf Networks delivers the industry-leading security operations center (SOC)-as-a-service. The Arctic Wolf™ Managed Detection and Response and Managed Risk services are anchored by the Arctic Wolf Concierge Security™ Team. Arctic Wolf’s purpose-built, cloud-based SOC-as-a-service offers 24×7 monitoring, risk management, threat detection, and response. For more information, visit https://arcticwolf.com