Organizations are in a difficult place when it comes to protecting themselves against the current cybersecurity threat environment. Many companies believe that they’re too small to be a hacker’s target. However, given the wide range of businesses and organizations being hit on a daily basis, this couldn’t be farther from the truth. If your organization has data, and every business does, you are a worthy and potentially lucrative target for cyber criminals.
A single security incident carries a substantial recovery cost for small to mid-sized businesses, both in direct financial damage and in damage to the company’s brand. According to a recent report from Kaspersky Lab, the average cost of recovery from a single security incident is estimated at $86,500 for small and medium businesses and ten times that, $861,000, for enterprises. These recovery costs account for the time, money and labor spent on:
- Investigating what happened and how to prevent breaches in the future
- Creating and sending customer breach notifications
- Assuring customers that their data is secure after a breach or incident
- Dealing with the bad press and media outreach/response
- Paying additional attorneys and litigation fees
- Taking a hard look at your IT environment and improving/hardening your defenses
Larger organizations are more able to absorb the costs of recovery than small and medium-sized companies. In fact, approximately 60 percent of mid-market businesses fail after a data breach because they simply cannot afford it, according to a 2012 study by the National Cyber Security Alliance.
The Risk of Doing Too Little
Company owners who become complacent because they think they’re flying “under the radar” are gambling, and the deck is stacked in favor of the house, which in the case of cyber attacks means the attackers. If you have a basic security program and think you can get by with the bare minimum of standard security measures, you are mistaken. Relying on minimum protection such as a firewall and anti-virus software just isn’t enough in today’s continually evolving threat landscape. Consider these statistics:
- According to Symantec, about 50 percent of all email is spam, much of it carrying links to malware or ransomware. It only takes one wrong or inadvertent click to have a cybersecurity nightmare on your hands.
- Symantec also reports that 60 percent of attacks target mid-market businesses. They are easier targets than enterprises because they typically have less manpower and fewer technical resources to detect issues.
There is additional fallout when companies, large and small, fall victim to malware, ransomware, hacking or a data breach. Beyond the direct cost of recovering from the incident, a breach has other lasting effects, such as:
- Ongoing disruptions to continuity, productivity and operations
- Increasing insurance premiums
- Losing customer loyalty and revenue from cancelled contracts
- Devaluing of your company brand and degrading of your reputation
While the current cybersecurity threat landscape is dire, there is some light at the end of the tunnel. The full list of steps, security services and software solutions that would bolster your company’s security posture is long, so I’ll focus on five steps that are easy to implement and should be standard components of any security plan:
- Employee education – Employee education cannot be stressed enough. Unaware and careless employees are one of the most effective ways for cybercriminals to find “open doors” into the corporate network. Teaching employees the danger of clicking even one attachment or link in an external email can be the best defense against malware finding that open door. Sending an email or two a year reminding staff not to open suspicious messages isn’t enough: hold regular training sessions and make the training part of new-employee onboarding.
- Monitor potential insider threats – Just as employees can pose a threat inadvertently, they can also do so on purpose. Regardless of background screening, every organization faces a potential threat from disgruntled employees and contractors. Monitoring your IT environment should cover all internal systems, not just the perimeter of the corporate network. Make sure you know when someone is trying different passwords 20 times in a row, and watch for any other anomalous behavior within your systems.
- Back up your data – Regular backups are the most reliable way to recover from a ransomware attack, provided at least one copy is kept offline or otherwise out of reach of the systems the ransomware can encrypt; a backup the malware can reach is just one more file to hold hostage. Encrypting the backed-up data adds confidentiality, so that only you or a designated administrator can read or restore it. Test restores periodically so you know the backup actually works. With a good backup, a compromised device costs you the device, not the data.
- Create an incident response plan – If a security breach occurs, it’s important to have measures for handling it already in place. The plan should cover evaluating and reporting the incident, and preventing recurrence by analyzing what happened and eliminating the weaknesses that led to it.
- Deploy whitelisting technologies – Whitelisting can be very effective at keeping unwanted software from running on your systems, but it isn’t foolproof. It should work in concert with additional layers of security such as network monitoring, firewalls, endpoint security and mobile device management. Patch promptly as well: malware often relies on bugs in software and applications that are easy to exploit, so once a vulnerability is disclosed and a fix is available, apply it immediately. The faster you apply security patches, the fewer opportunities cybercriminals have to find a way into your network and infect your IT assets with malware.
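The monitoring point above, “know when someone is trying different passwords 20 times in a row”, is concrete enough to show as code. The following is an added example written for this article, not code from the original post or from any vendor named in it. It runs a sliding-window detector over sshd-style auth-log lines and goes slightly beyond the text’s single case: besides the brute-force burst it also flags a successful login that follows a run of failures (the event actually worth waking someone for) and password spraying, where one source tries a few passwords against many accounts and never trips a per-account lockout. The log lines, host name, IP addresses, account names and thresholds are all constructed for the demo and are assumptions, not recommendations.

```python
"""Added example: flag brute-force and password-spray patterns in sshd-style
auth-log lines. The log is constructed below, not captured from a real host."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The two sshd messages we care about. "invalid user" is present when the
# account does not exist on the host; we keep the name either way.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_line(line, year=2024):
    """Return (timestamp, result, user, ip), or None for lines we don't handle.
    syslog timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect_auth_anomalies(lines, *, threshold=20, window_seconds=600,
                          success_after=5, spray_users=5):
    """Sliding-window detection over auth-log lines given in time order.

    brute_force:            `threshold` failures for one (ip, user) in the window
    success_after_failures: a successful login for a pair with at least
                            `success_after` recent failures (the one to page on)
    password_spray:         one ip failing against `spray_users` distinct
                            accounts in the window, which per-account lockout
                            thresholds do not catch
    Each alert fires once per key; a successful login resets that pair's count.
    Thresholds are assumptions for the demo, not recommendations."""
    window = timedelta(seconds=window_seconds)
    pair_failures = defaultdict(deque)   # (ip, user) -> failure timestamps
    ip_failures = defaultdict(deque)     # ip -> (timestamp, user) of failures
    fired = set()
    alerts = []

    def expire(q, now, ts_of):
        # Drop entries older than the window from the left of the deque.
        while q and now - ts_of(q[0]) > window:
            q.popleft()

    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        pair_q = pair_failures[(ip, user)]
        expire(pair_q, ts, lambda t: t)

        if result == "Accepted":
            if len(pair_q) >= success_after:
                alerts.append({"type": "success_after_failures", "ip": ip,
                               "user": user, "failures": len(pair_q), "at": ts})
            pair_q.clear()
            continue

        pair_q.append(ts)
        if len(pair_q) >= threshold and ("brute_force", ip, user) not in fired:
            fired.add(("brute_force", ip, user))
            alerts.append({"type": "brute_force", "ip": ip, "user": user,
                           "failures": len(pair_q), "at": ts})

        ip_q = ip_failures[ip]
        ip_q.append((ts, user))
        expire(ip_q, ts, lambda item: item[0])
        distinct = {u for _, u in ip_q}
        if len(distinct) >= spray_users and ("password_spray", ip) not in fired:
            fired.add(("password_spray", ip))
            alerts.append({"type": "password_spray", "ip": ip,
                           "users": sorted(distinct), "at": ts})
    return alerts


def build_sample_log():
    """Constructed sshd-style log: hostname, addresses and accounts are made up."""
    base = datetime(2024, 1, 12, 8, 0, 0)

    def emit(offset, result, user, ip, invalid=False):
        t = base + timedelta(seconds=offset)
        who = f"invalid user {user}" if invalid else user
        return (f"{t.strftime('%b %d %H:%M:%S')} fileserver sshd[4242]: "
                f"{result} password for {who} from {ip} port 50000 ssh2")

    lines = [emit(0, "Failed", "alice", "10.0.1.20"),      # one typo, then in
             emit(7, "Accepted", "alice", "10.0.1.20")]
    # 20 failures against a service account in 38 seconds, then a success
    lines += [emit(100 + 2 * i, "Failed", "svc-backup", "10.0.9.77")
              for i in range(20)]
    lines.append(emit(142, "Accepted", "svc-backup", "10.0.9.77"))
    # one source tries six different accounts once each, 30 seconds apart
    for i, u in enumerate(["bob", "carol", "dave", "erin", "frank", "grace"]):
        lines.append(emit(300 + 30 * i, "Failed", u, "10.0.9.78", invalid=(u == "grace")))
    return lines


if __name__ == "__main__":
    for alert in detect_auth_anomalies(build_sample_log()):
        print(alert)
```

On the constructed log this produces three alerts: the brute-force burst against the service account, the successful login that follows it, and the spray from the second source. Alice’s single typo followed by a correct password produces nothing. The window matters as much as the count: with a 30-second window the same 20 failures spread over 38 seconds never reach the threshold, and only the success-after-failures rule still fires, which is why that rule is worth keeping separately from the raw count.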