For most small and midsize businesses, the risk of being targeted and victimized in cyberattacks isn’t theoretical. It’s real.
A 2016 study sponsored by Keeper Security Inc. and conducted by the Ponemon Institute found that more than 50 percent of small and midsized businesses had been breached in the prior 12 months. Not just targeted or attacked, but breached.
“No business is too small to evade a cyberattack or data breach, and businesses across all industries are impacted by this threat,” according to Keeper, a company that provides password management and digital storage services.
News services typically focus on reports about data breaches in large companies in which hundreds of thousands or millions of files are exposed. However, smaller businesses also store valuable, electronic information and, generally speaking, probably are more vulnerable to attack than bigger companies.
Some smaller companies lack the resources – or assume they lack the resources - to implement a good, effective and efficient cybersecurity plan. Other firms might not even be aware of the threats they’re up against.
Hackers around the world are constantly searching for electronic information, such as account numbers, that could be valuable on the black market. Sometimes they try to make money by holding a company’s electronic files for ransom. Or maybe they might just be looking to create zombie computers that they can control remotely to help secretly carry out attacks on other networks.
Related blog: What to do before and after a ransomware attack
Increasingly, there are reasons to believe that companies with good security strategies are gaining competitive advantage.
In 2015, Ponemon, which conducts research in areas such as data protection and privacy, identified what it called “Seven Megatrends in Cybersecurity.” Based on survey results, No. 1 was that cybersecurity will become a competitive advantage and a priority among top executives.
The survey, sponsored by Raytheon, polled more than 1,000 IT and cybersecurity leaders from around the world. At the time of the survey, 75 percent of survey respondents identified cybersecurity as a “necessary cost” rather than as a “competitive advantage.”
A more telling and concerning finding in Ponemon’s research was that only 14 percent of respondents said the cybersecurity leader in their organization had a direct reporting relationship with the chief executive officer. That’s an outdated line of corporate thinking that seems to be changing.
Implementing good cybersecurity has got to be a business priority.
Constant reports about of breaches of corporate data – Equifax being one of the latest and biggest – attest to the need for cybersecurity to be a higher priority among organization leaders.
Ponemon reported that equipment improvements are helping businesses reduce inside risks, but more company resources need to be directed at fighting increasingly sophisticated cyber criminals.
There is lot of free or relatively inexpensive help available to assist any small or midsize businesses that is getting serious about cybersecurity. Here are five resources:
- One place to start is the U.S. Computer Emergency Readiness Team’s website. US-CERT is part of the U.S. Department of Homeland Security.
- Other resources include the U.S. Small Business Administration, which offers an online training exercise for small businesses.
- The U.S. Chamber of Commerce also provides some internet security options on its website.
- The Federal Communications Commission offers help to businesses that are putting together a cybersecurity strategy.
- The NIST Cybersecurity Framework is a program that businesses can use to build, strengthen and update their cybersecurity strategy on an initial and ongoing basis. NIST is short for the National Institute of Standards and Technology, which is a non-regulatory agency within the U.S. Department of Commerce.
NIST worked with business leaders, government officials and academic experts to develop a series of voluntary, flexible guidelines that are scalable to the size of the company using them.
SDN likes CyberRx enough to have become a licensed reseller of the service. Several SDN employees have been trained and are certified to help other businesses implement or review their cybersecurity strategies using CyberRx and the NIST Cybersecurity Framework.
Read more about the new service that helps businesses protect themselves against a cyber attack.