Chances are you have been watching the news and seeing countless headlines on cyber security breaches. It seems like every week another major company or institution announces they have been subject to a breach.
Spanish Ministry of Labor and Economics
We could go on, but a simple Google search for news articles on “Cybersecurity breach 2021” returns 3.5 million hits in approximately 0.62 seconds, and we are sure it would be quicker if our family wasn’t hogging the bandwidth.
Like many small businesses, you are probably reading this and thinking something along the following lines: “These criminals are targeting these large institutions, glad I’m so small they’ll never target me.” Sadly, the truth is that your small size makes you a perfect target. Below, we’ll go over why you need to be concerned with cybersecurity and protecting your network.
Denial is not just a river in Egypt.
As we mentioned above, far too many businesses think one of the following: “I’m too small” or “I have nothing of value.” Thus, business owners lull themselves into a false sense of security. In a recent study by the FBI, 95% of companies that were victims of a cyberattack had little to no security infrastructure prior to the attack, and very few had a plan to address that. In today’s world of ever-increasing internet connectivity, cybercrime is not a matter of IF but a matter of WHEN you will be attacked. Denying that it is taking place will not make you safer. Instead, by not acknowledging the risk, you leave yourself open to an increased risk of attack.
Small size, small budget.
Let’s talk about the elephant in the room. You are a small business, which means you more than likely don’t have millions of dollars in the bank, and your budget is probably stretched pretty thin. In a choice between making payroll and paying your electrical bill versus a firewall and security awareness training, many small businesses will quickly agree that the choice is easy: you go with the former. Likewise, due to their size, small businesses typically run simple networks and use Bring Your Own Device (BYOD) policies, all with little to no emphasis on security.
Criminals know this too. They know you don’t have the tools or IT staff to ensure your network is secure, your files are encrypted, or simply that your software is up to date. Running an unsecured network is like leaving your front door unlocked while on vacation, and newer software versions provide updated security features to help protect you and your business. These simple fixes may not keep out the most advanced criminals, but they can lead the lazy and unmotivated to simply move on and look for an easier target.
You won’t fight back.
Much like a bully, cybercriminals prey on smaller companies simply because they know a small business can’t fight back. Large organizations and governments have the budget to install defensive measures, and there is the potential that a large organization has some offensive weapons too. Since the original attack on the Colonial Pipeline, the hackers lost access to their payment server, and the US was able to recoup 3.2 million of the ransom that Colonial paid. As attacks go up, so do the possibility and the tools to “return fire”.
Just as it lacks the budget for defensive tools, a small company will not have similar backing, or even a plan for what to do in the event of an attack. All of this means a small business will just have to pony up and pay the ransom if it wants to get back to work.
Leapfrogging
Take a quick look at your contact/client list. We are pretty sure you don’t just support other small businesses or individuals. In the United States alone, 60 percent of the national GDP comes from small businesses, which means that somewhere along the line EVERY small business is tied to a larger corporation or institution.
Criminals are not simply looking to attack you to gain access to whatever information is maintained in your system. Many times, criminal hackers will use you to attack someone else. Impersonating your company and using your credentials gives the hackers easier access to other, potentially larger organizations that might not typically be as easy to access.
What should you do?
First and foremost, take cybercrime seriously. According to a recent report on cybercrime statistics, 2020 saw a rise of ransomware attacks by 341%. While that significant rise was caused by an increased online presence due to the pandemic, there has been a steady year-over-year increase of attacks in prior years as well. Cybercrime IS NOT going away, and neglecting to act will not make you safer; it will instead have the opposite effect.
Second, knowing where you are is the first step in building your cybersecurity resilience. Start by running a security assessment and setting your cybersecurity baseline. If you have some IT knowledge, there are some self-assessments available out there, but be warned: you need to be brutally honest with yourself if you want proper results. Much like getting someone else to proofread an email, hiring a third-party consultant to provide an unbiased review of your infrastructure will provide you with a proper baseline. Another benefit of bringing in a consultant is that, typically, a cybersecurity firm can not only help assess but also provide you with recommendations and a plan for filling in the gaps found during the assessment.
Lastly, once you have developed your baseline and are moving forward through your plan, regularly revisit and reassess. Remember, this is a marathon, not a sprint. Not only will it take time to build an appropriate cybersecurity infrastructure, but the different policies and tools will need to be refreshed to keep up with ever-evolving attacks and technologies. The process is not a one-and-done project; it will need to be maintained and updated.
How can Summit Help?
As a Managed Service and Security Provider, or MSSP, we at Summit can provide you with dedicated support throughout your cybersecurity journey, from the initial assessment that develops your baseline, through the remediation process, to reassessing the progress made. Our team of expert cybersecurity consultants will be there providing world-class advice and support to better protect your infrastructure from intrusion.
If you are interested in our process or in learning how to get started with us, click on the link below to schedule an introductory meeting and call.