Dark Reading is part of the Informa Tech Division of Informa PLC



1/24/2019
10:30 AM

Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses

The big corporations may grab the headlines, but America's SMBs have the most to lose in the aftermath of a data breach.

From Equifax to Under Armour to the recent news from Marriott, it seems that every week brings a new headline regarding a major data or security breach. The Marriott hack is just the latest in a long line of high-profile cyberattacks, with the hotel giant revealing that a massive breach exposed the personal data of more than 500 million customers.

But though the big corporations seize the cyberattack headlines, America's small and midsize businesses may have even more to lose when it comes to the ramifications of a breach. From the immediate damage (both financially and in terms of hours of lost productivity) to the lasting harm to a company's reputation and brand credibility, the stakes for cybersecurity have never been higher for smaller businesses. According to the US National Cyber Security Alliance, an estimated 60% of small companies will go out of business within just six months of a cyberattack, illustrating the real-world consequences of inadequate cybersecurity measures.

As technology advances, so will the prevalence and scope of cyberattacks. Every day, the Internet of Things (IoT) is making our world more interconnected, with an estimated 20 billion IoT devices expected to be deployed by 2020. With this increased connectivity and greater reliance on mobile technologies come additional points of vulnerability — and the potential for greater damage from cyberattacks launched by criminals, nation-states, and other bad-faith actors.

The Risk for Small and Midsize Companies
This is the new reality of the digital world, and public and private entities — from government agencies and multinational corporations to small and midsize businesses — must be prepared to place a higher priority on implementing cybersecurity measures.

In the case of small and midsize businesses, statistics show that they are not only just as vulnerable to a breach, but the consequences of such an event can be downright catastrophic. According to data gathered by the Ponemon Institute, the percentage of small businesses that have experienced a cyberattack climbed from 55% in 2016 to 61% in 2017. In Verizon's 2018 Data Breach Investigations Report, 58% of malware attack victims were categorized as small businesses.

The most alarming statistics, however, relate to the potential monetary and long-term impact of a breach. The Ponemon study notes that in 2017, the average cost of cyberattacks on small and medium-size businesses was more than $2.2 million, with malware-related costs averaging more than $1 million in damages or theft of IT assets and more than $1.2 million as a result of the disruption to business operations. Those are staggering numbers — and they help explain why an estimated 60% of small companies go out of business within six months of a cyberattack.

How to Protect Yourself 
Given the high stakes that come with a potential breach, small and midsize businesses can take steps to protect their most vital and confidential information. To start, organizations must have a cybersecurity plan in place that will protect their assets and maintain the profitability of the business. Here are three recommendations for building out broader cybersecurity protocols:

  • Have a cybersecurity audit performed by an outside source. Even if you are confident that your IT department has the organization covered, there are major benefits to having another set of eyes that are divorced from the daily processes of your business to evaluate potential vulnerabilities within the organization. While security and technological performance are both tied to IT, having an experienced cybersecurity professional devoted to just the security aspect may reveal unforeseen vulnerabilities.
  • Create an organizationwide policy that fits the unique needs of your business. There is no one-size-fits-all approach when building out preventative cybersecurity measures and recovery protocols. This means each organization must sit down and identify what companywide information is invaluable to the business, where it is located, how potential hackers could gain access to this information, and what measures could be put in place to prevent or mitigate the damage of a cyberattack.  
  • Implement awareness programs that emphasize the importance of proper "cyber hygiene." Maintaining the digital security of an entire organization extends far beyond technology and firewalls. Human error often plays a significant role in a breach. Every employee, from the C-suite down, is responsible for exercising good judgment and following companywide cyber protocols. As such, implementing employee training programs is a critical way of informing and reminding employees of potential threats.

Bottom line: Investing in cybersecurity will protect the clients and IP revenue, and create business resilience, thus securing the future of your business.

Tom Ridge, former Secretary of the U.S. Department of Homeland Security; Chairman of Cybersecurity and Technology, alliantgroup

Tom Ridge served as the nation's first Secretary of Homeland Security, leading an agency of more than 180,000 employees responsible for ...
Comments
UdyRegan
User Rank: Apprentice
2/14/2019 | 1:14:32 AM
Small means easier
It is the mentality of small and midsize business owners which assumes security isn't their biggest concern. Little do they know that they could actually wind up for good as soon as even the slightest hack were to hit them. Since they are small, it becomes even easier to consume them whole.
michaelmaloney
User Rank: Apprentice
2/11/2019 | 12:28:08 AM
Teach and tell!
Small businesses balk when they see the price tag that's attached to security solutions. I think that if they had access to better security products for their company systems, a lot more people would be willing to dig out the money from storage to pay for such protection! It's really a matter of showing them what options and alternatives are available for their own good...
REISEN1955
User Rank: Ninja
1/30/2019 | 2:47:35 PM
Re: As a consultant for small business
Good and not good - the cloud by itself is not a guarantor of protection - if anything, it then opens up another can of potential worms and infections even less understood or visible to the client or consultant sometimes.  Remember the wisdom of dear Woz several years ago - there is no security in the cloud.  Wozniak was rarely if ever wrong. 
Dr.T
User Rank: Ninja
1/29/2019 | 10:52:05 AM
Audit
Have a cybersecurity audit performed by an outside source. I think this is where it needs to start. Without an audit we would not know what is vulnerable in the environment.
Dr.T
User Rank: Ninja
1/29/2019 | 10:50:33 AM
Re: As a consultant for small business
malware and forensics for SMALL business that cannot afford A CIISP or similar level of expertise. That is good. Lots of companies are looking for these types of services.
Dr.T
User Rank: Ninja
1/29/2019 | 10:49:36 AM
Re: As a consultant for small business
Now my backup and restore protocols were very very good indeed. That is good. Backups help a lot of course against ransomware. It needs to go beyond that to stay secure.
Dr.T
User Rank: Ninja
1/29/2019 | 10:47:43 AM
Re: As a consultant for small business
small business - server, workstations, virus and malware support. Makes sense. Today small businesses are more complex than that but also they have help. They can go with a Cloud solution to keep themselves secure.
Dr.T
User Rank: Ninja
1/29/2019 | 10:45:22 AM
58%
58% of malware attack victims were categorized as small businesses. It looks like more small businesses than not. I would think the number is higher since we hardly hear of any breach that happened in a small business.
REISEN1955
User Rank: Ninja
1/24/2019 | 3:12:04 PM
As a consultant for small business
Several years ago I was self-employed as a consultant for small business - server, workstations, virus and malware support but for the latter two I did the basics and no real knowledge until moving to Georgia and employed with a malware forensics shop. WOW. What I did not know. Now my backup and restore protocols were very very good indeed. I survived September 11 in the south tower and am familiar with restore in an environment from hell. Over 1,000 systems. Aon. So I was good at that aspect for business but down here, I anticipate re-starting my business for this purpose - malware and forensics for SMALL business that cannot afford A CIISP or similar level of expertise. For small business - there is no one manning the fort at all. I intend to change that.