If your organization hasn’t faced a cybersecurity threat, it’s only matter of time. The Dell Annual Security Report reported in 2016 that malware attacks had doubled, reaching a staggering 8.19 billion.
In an increasingly interconnected environment, attacks should continue to rise, says the McAfee Labs Threat Predictions Report. And while breaches of industry giants often make headlines, cyber attacks pose a threat to businesses of all sizes. In their 2016 State of SMB Cybersecurity Report, Keeper Security and Ponemon Institute reported breaches in 50% of small businesses over the past 12 months, noting that only 14% of the 600 companies surveyed rated their ability to mitigate cybersecurity risks very effective. Cybersecurity threats are aimed at exploiting individuals within an organization through email phishing, fake tech support scams and malware, as well as broader organizations through corporate data breaches, browsers and website attacks.
Two factors to consider for cybersecurity regardless of size include:
Industry. For example, healthcare companies of any size are regulated by HIPPA, which places heavy responsibility for patient data privacy – both at small health clinics and large hospitals.
Budget. While a large firm may have the resources to host data on premise, this places all responsibility for security on the organization for proper IT security protocols. On the other hand, SMBs increasingly leverage cloud-based services, leaving these organizations to facilitate a security solution. Regardless of budget size, SMBs and enterprises alike must take appropriate measures to prevent cybersecurity breaches, as this area is a critical part of operations.
Small Business Tactics and Solutions
As attacks become increasingly automated, some experts think cybercriminals may focus more heavily on SMBs, which often cannot afford state-of-the-art security systems. In 2014, small firms decreased security spending by 20% (compared to 5% among large companies) – but breaches rose 64% in the same timeframe, according to Price Waterhouse Cooper’s Global State of Information Security survey. Even with limited resources, SMBs can take the following approaches to protect against cyber attacks:
- Educate employees. This includes educating employees on proper and security passwords, procedures for protecting and maintaining data security and establishing guidelines for internet and mobile device use. Refresh education regularly to keep employees up to date and cognizant of security.
- Stay updated. Maintain anti-virus software and perform scheduled software updates on all technology – from applications to laptops.
- Provide a firewall and encrypt WiFi. Free firewall systems are available online to block unwanted users from accessing a network. Similarly, encrypt WiFi and hide the network name.
- Get help. Contract a firm to manage the security process if in-house resources aren’t available.
- Back up data. Prevent criminals from holding data hostage through ransomware in multiple locations, both hard drives and cloud services.
- Plan ahead. Detail roles and responsibilities in case a breach occurs to help minimize damage.
- Require multi-factor authentication. Leverage a double verification across VPN networks, company social media accounts and any other online accounts.
- Limit access. Restrict access to specific areas of data and systems to only employees who need it.
Enterprise Tactics and Solutions
A continuously evolving technology landscape mandates new approaches even for enterprises that may have a breadth of IT resources. However, John N. Stewart of Cisco Systems writes on CSO Online that even enterprises with sophisticated systems “do the basics and do them well.” This, Steward says, includes regular software patching, managing user identifies, managing networks, and eliminating dark space in infrastructure. Enterprises would also be remiss to overlook the vulnerabilities individual employees can present – which means employee education is equally critical in enterprise environments. As firms with more data and biggest revenues, enterprises may need to take additional measures to support security.
- Create challenges. Steward advises enterprises to generate confusion for cyber criminals, by establishing “honey pots” and Potemkin villages (false areas that divert hacker’s attention). Not only does this make it more challenging for criminals, but it also sends a message that the organization is aware of and prepared for hackers, and offers an early alert when cybercriminals are preying on the organization.
- Speed up. Enterprises should aim to detect and react as quickly as possible to hacking. Leveraging corporate data to detects compromises can be an ongoing measure to get ahead of breaches.
- Revoke credentials. In addition to ensuring access is only granted to those who need it, when employees leave the company, it is imperative to have access to all systems revoked.
- Secure websites. Interconnected systems through the Internet of Things are rife with vulnerabilities to hackers. Enterprises must establish strong website security to prevent breaches.
- Secure the chain. Outside the organization’s doors, any suppliers who provide a service along the supply chain could represent a risk.
An interconnected marketplace means even an enterprise outfitted with premium security protocols may be at risk through partnerships with smaller businesses that are vulnerable. Security Week contributor Jason Polancich cites several major enterprises’ cyber attacks that involved small businesses at the crux of the breach. Among these are Target’s POS attack, which was compromised through Fazio HVAC’s company network, and major news networks CNN, Washington Post and Time, all compromised by content provider Outbrain.
Polancich suggests this makes a case for big enterprises supporting – or handling – the security for their smaller vendors and partners. At the very least, Polancich suggests, enterprises need to mine available data to establish intelligence on cyber risk. Attacks come with a steep price tag: cybercrime is expected to costs businesses more than $2 trillion by 2019, according to Juniper Research, which means the investments from organizations of any size is very likely worth the reward.