The sobering statistics of SMB cyber security.
In 2020, the Cyber attacker is not going to be going after the quantity of hacks, but rather, for the “quality” of attacks. In other words, they simply just won’t launch a specific threat vector en masse, but instead, they will pick a very select number of victims.
From there, they take their own sweet time to study them, and trying to learn as much as they can in terms of the assets they possess as well as their weaknesses and vulnerabilities. Once the Cyber attacker feels comfortable in achieving this task, he or she will then make their grand entrance into the system, without anyone even knowing about it.
From this point forward, the Cyber attacker will then “live” inside of the target for extended periods of time, in a covert manner. The goal now is to steal as many IT Assets as possible, but little by little, so that the target is totally unaware of it, until it is too late.
But apart from this, 2020 will also usher in a newer trend: Rather than trying to break into the walls of defenses of the Fortune 500, the SMB will now be the new target.
Why Don’t SMBs Take Cybersecurity Seriously?
So, why doesn’t the SMB take their own Cybersecurity seriously? It comes down to two primary reasons:
- Since it has been primarily the much larger businesses that have been broken into, many SMBs simply think that they won’t be the next target;
- Many SMBs are on a very tight budget, and because of that, they simply cannot afford to have all the sophisticated technologies and tools that a much larger company can have. But, with hosted security offerings making a huge splash now, this should no longer be an issue.
There are other reasons as well, which are as follows:
- Because many SMBs tend to be quite small (say, perhaps 20 employees or less), a family like culture over time starts to evolve. Because of this, great levels of trust are often created, and from within this, a very lax and relaxed atmosphere soon starts to precipitate. In this regard, many passwords and login credentials are shared amongst one another. But an SMB owner just never knows when an employee can turn on them and launch an Insider Attack.
- As just described, the lax atmosphere also transcends down into the overall IT security practices as well. For example, many SMB owners are aware of the fact that installing and deploying the latest software patches and updates onto their devices is very important, but this seems to take a very low priority until it is too late to do anything about it.
- Because many of the SMBs have very tight cash flows, they cannot afford to pay elaborate perks or bonuses to their employees. Because of this, an SMB owner will usually offer some other sort of incentives, such as working from home, or telecommuting. But keep in mind that with this scenario, it is highly unlikely that the SMB has actually implemented deep layers of encrypted protection for remote access into their IT and Network environments. Because of this, an SMB employee will typically use an unsecured Wi-Fi connection (such as the ones found at Starbucks or Panera Bread) in order to login. This scenario is a huge honeypot for the Cyber attacker to tap into.
- In a further effort to keep costs down, many SMBs do not issue company owned devices. Rather, they let their employees use their own devices to conduct their daily job functions, especially their own Smartphones (which is also known specifically as “Bring Your Own Device”, or “BYOD”). This, of course, is a huge recipe for a disaster to happen, as the employee’s own computer may not even have an ounce of security software installed onto them (such as Anti-malware and Antivirus applications).
- A lot of SMB owners are very often lured into getting and using free services wherever and whenever possible. This is especially true when it comes to using Cloud based services. A typical example of this is the continued use of Yahoo and Gmail for business purposes. While they may be fine to a certain extent for personal use, these services do not offer enterprise grade level security for an SMB, especially when confidential documents or the Personal Identifiable Information (PII) of customers have to be transmitted over the Internet. Just remember this old proverb: You get what you pay for.
- Apart from procuring hardware (such as servers and other wireless devices), one of the biggest expenses for an SMB is that of software application purchases. Because of this, many SMB owners, are tempted to find business application software packages from online stores such as those of eBay or Amazon. But keep in mind, the licensing that has been associated with them may have already been used (and thus cannot be renewed again) or have even expired. Many of the software providers such as those of Adobe and Microsoft have started to really come down hard software piracy and can even impose large fines and even criminal prosecution. Many of these software applications are now available on the Cloud, for a fixed and affordable monthly price for the SMB. A perfect example of this is the Office 365 from Microsoft, in which an SMB can deploy multiple, legal licenses for as little as $15-$20 per month.
Why An SMB Needs To Take Cybersecurity Seriously
Now that we have provided some details as to why an SMB does not take Cybersecurity seriously, the following statistics illustrate WHY one should take it seriously:
- 60% of all Cyberattacks are actually aimed towards the SMB;
- In a recent survey of 1,000 SMB owners, 85% of them believed that it is only the much larger sized corporations (such as those of the Fortune 500) that are the prime targets for the Cyber attacker. This finding gives credence to the very first reason why SMBs think that they are immune to Cyberattacks;
- 7.4% of SMBs have become a victim of large-scale fraud;
- There are, on average, 3.5 new threat variants posed to SMBs every second;
- The average cost of a Cybersecurity attack for an SMB is at $190,000;
- 58% of all Malware attacks are aimed at SMBs;
- 72% of all Malware attacks have slipped through the lines of defenses of an SMB;
- 40% of SMBs experience at least 8 hours of complete downtime after they have been impacted by a Cyberattack;
- 39% of SMBs claim that at least half of their IT Infrastructure is completely impacted after becoming a victim of a security breach;
- Only 35% of SMBs remain profitable after being hit by a Cyberattack, the others merely are forced to close permanently.
The cyber security experts at Continuum GRC have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting your organization from security breaches. Continuum GRC offers full-service and in-house risk assessment and risk management subscriptions, and we help companies all around the world sustain proactive cyber security programs.
Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cyber security needs and find out how we can help your organization protect its systems and ensure compliance.
Want to learn more?