If you are a small business, you are likely going to get hit with some sort of cyberattack.
For a long time, there has been a misconception that it is only large corporations that are targeted in cyberattacks, but with the release of the latest Ponemon Institute and Hartford Steam Boiler survey, I hope we can put that misconception to rest and SMBs take a stronger approach to security.
According to the report, which surveyed 1203 businesses, almost one-third of U.S. small businesses were the victim of an attack last year. But here is the real takeaway from the survey: of those companies suffering a cyberattack last year, 72 percent were not able to fully restore their company’s data. Other consequences SMBs suffered due to an attack included: managing potential damage to their reputations (59 percent), theft of business information (49 percent), the loss of angry or worried customers (48 percent) and network and data center downtime (48 percent).
If you get hit with an attack, do you have confidence that you’ll be able to restore your data? If you are sure that you can, you might want to double check. And then take a good look at your cybersecurity plan and make sure it is working. What this latest survey shows is that not only are SMBs getting hit, but SMBs could be devastated by a cyberattack.
What these surveys looking at SMBs and cybersecurity repeatedly stress is if you are hooked up to the Internet, you are vulnerable to a cyberattack. It is as simple as that. Yet, SMBs continue to believe they are immune.
To protect your company, you have to know where the attacks are coming from. According to this survey, the primary causes of attacks are computer viruses, worms and trojans (61 percent) and unspecified malware (22 percent). Although the survey didn’t mention it, I think you need to add human behavior to the list. Yes, the malware and trojans are doing the actual damage, but how is that malware getting into your network in the first place? In addition to good perimeter security (AV software, firewalls, etc.), security education has to be factored in. You may want to bring in an outside security firm to bolster your own actions or to help create an action plan. Yes, that will cost money. Security could take up a bigger bite of your small budget, but here’s the question you have to ask yourself: Is it worth it to spend the money upfront or risk losing it all if an attack occurs?