At this time of the year, I see a lot of warnings heading out to consumers about how to protect their information and their privacy. I get it. This is prime time for cybercriminals looking to scam potential victims who are often rushed and looking for the best deal. They aren’t necessarily thinking about security.
Also during this time of the year, many businesses, especially small businesses, are thinking of their bottom line. Those in retail, for example, know that this time of the year can make or break their business, while other industries are focused on meeting their annual goals. They, too, may not have security at the top of their minds. That, however, could spell disaster.
According to a study by IBM's Resilient and the Ponemon Institute, two-thirds of businesses that suffer a data breach or any cyberattack will not recover. One reason is that three-quarters of these small businesses don’t have a cybersecurity incident response plan in place, and even when they do, it has never been reviewed or updated since it was implemented. We know that cybercriminals are constantly evolving with the times, so an incident response plan put in place several years ago may be ineffective against today’s more popular attack styles. Think of it this way: Is your business prepared to address a cyberattack on one of your IoT systems? Does your response plan include IoT?
TechRepublic also reported the types of security incidents that businesses are experiencing:
The study also looked at what type of security incidents the respondents were experiencing. Some 53% reported that they had dealt with at least one data breach in the past two years. Over that same period, 74% said their organization had experienced threats as a result of "human error."
Even though your employees might be playing a role in these security incidents, a study from Bitdefender found that they are more worried about data breaches than you may realize:
Some 73 percent of IT decision makers fear the financial compensation the company might have to pay in the event of a security breach, while 66 percent even fear losing their job.
Two-thirds worry about job loss; two-thirds don’t believe their company can recover from a security incident. I don’t think it is a coincidence that those numbers came out equal. It shows just how high the concern is that businesses, especially small businesses, aren’t prepared for some sort of cybersecurity incident.
So how do SMBs adjust for this? In a prepared statement, Bogdan Botezatu, senior e-threat specialist with Bitdefender, suggested:
Companies must establish strong policies and protocols and restrict the ways employees use equipment and infrastructure or privileges inside the company network. The IT department must create policies for proper usage of the equipment, and ensure they are implemented.
I think the reason so many small businesses don’t have a response plan is that the attitude that a company is too small to be the victim of a cyberattack will not go away. Nationwide's second annual Small Business Indicator survey, for example, found that 45 percent of the companies that don’t have a response plan in place don’t think they’ll be affected by a cyberattack. As Mark Berven, president of Nationwide Property & Casualty, said in a formal release:
Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets.
How ready is your business to face the heightened cybersecurity concerns during your busiest season or at any time of the year?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba