There seems to be a constant supply of news stories involving high-profile, high-impact criminal cyber activity. More often than not, the data breaches that we hear about occur at large businesses or global organizations. This leads many people to think that it’s only those big companies who are at risk of being attacked. They incorrectly assume that today’s cybercriminal is always looking for a giant financial payout or a huge cache of personal data. But the reality is that small and mid-size businesses (SMB) are actually at greater risk.
In their 2018 Data Breach Investigations Report, Verizon found that 58% of all cyberattacks target small businesses. While it is true that the ultimate reward might not be as high as from a multinational organization, cybercriminals go after SMBs because they are easier to penetrate.
Gaining access to a multinational organization can be difficult. Larger organizations have the budget and the obvious need to protect their networks. When you collect personal data from around the globe or generate billions in revenue, you dedicate time and resources to protecting yourself. SMBs, on the other hand, don’t always focus on cybersecurity the way they should. And this is what cybercriminals are counting on.
Why Are Small and Mid-Size Businesses at Risk?
Regardless of the size of your business, cybercriminals who want to access your network will take advantage of any vulnerable attack surface. A single unprotected or improperly secured edge device can be all they need to access an entire system.
According to the Verizon Report, cyberattacks can occur in several different ways. 48% of last year’s breaches featured hacking while 30% included malware. Other less prevalent but still dangerous methods of attack were social attacks, privilege misuse or physical breaches.
A comprehensive approach to security is crucial for keeping cybercriminals at bay. Unfortunately, when it comes to the cybersecurity of physical security systems, many smaller organizations have a relatively haphazard approach. They roll out disparate solutions for access control and video surveillance which puts them at greater risk. And, as they grow or evolve, they add new cameras or technology as and when they can find the resources rather than developing a strategic plan to upgrade their system as a whole. This means that they may not be aware of potential points of attack on their evolving physical security network.
In addition, SMBs don’t always have a clear cybersecurity strategy that they communicate to every member of their team. The Verizon Report states that nearly one-fifth of system breaches occur because of human error. This can happen when an employee clicks on the wrong link or doesn’t adequately secure a device. Like any organization, an SMB can mitigate these errors through training and organization-wide awareness.
This takes a commitment from senior executives as well as an understanding of what is actually at risk. Unfortunately, SMBs tend to think that, because they aren’t dealing in billions of dollars, cybercriminals won’t bother attacking their networks. While they may believe they have less to lose to a cyberattack than these organizations, they are actually at a greater risk that their business might not survive the fallout or clean-up.
The Impact of a Data Breach on SMBs
When a multinational or global company is attacked, the cost can be astronomical whereas, according to the Ponemon Institute, the average cost for small businesses to clean up after being hacked is about $690,000 and, for middle market companies, it is over $1 million.
To an outsider, this may seem less significant in comparison with the high-profile cases that make it to the top of the news cycle, but these costs represent a huge financial burden for an SMB. In fact, according to the U.S. National Cyber Security Alliance, 60% of small companies are unable to sustain their business more than six months following a cyberattack. They frequently just don’t have the resources.
And, in addition to clean-up and containment costs, SMBs who collect personally identifiable information (PII) in Europe are now also going to have to deal with potential fines that arise from the European Union’s General Data Protection Regulation (GDPR). The regulation includes mandatory breach reporting rules that stipulate an organization must report a breach within 72 hours of detection.
The penalties for non-compliance are steep with fines of up to 20 million Euros or 4% of global annual turnover – whichever is higher. When you think of a small business not being able to survive a breach that costs under a million dollars to clean up, you can imagine what the outcome of such a heavy fine would be. Clearly, SMBs need to put the work in now to protect their networks and their budgets for the future. But how do can they do this without breaking the bank?
How Can SMBs Protect Their Networks?
As with any organization, an SMB can protect itself by deploying solutions that are developed with cybersecurity in mind. This means the systems they use should include ways to encrypt data, authenticate users and authorize access.
Encrypting data helps SMBs protect the private and sensitive information on their network and enhance the security of communication between client and servers. When data is encrypted, even if an unauthorized person or entity gains access to it, it is not readable without the appropriate key. The question then becomes how to control access to those encryption keys. The answer is through authentication.
Authentication comes in different forms. Client-side authentication includes username/password combinations, tokens and other techniques while server-side authentication uses certificates to identify trusted third parties. These allow SMBs to first determine if an entity – user, server or client app – is who it claims to be, and then verify if and how that entity should access a system, including the ability to decipher encrypted data.
However, while encryption and authentication are great tools for protecting data, they cannot stop unauthorized access to a network. The Verizon Report also states that more than 25% of network attacks involve people inside an organization. As a result, in addition to protecting access through authentication mechanisms, SMBs also need to use authorization to control who sees sensitive data and what they can do with it.
When authorization capabilities are built into security solutions, they allow administrators to restrict the scope of activity within their systems by giving specific access rights to groups or individuals for resources, data, or applications. By defining privileges, administrators can fine tune the level of access granted to each individual. This allows administrators to strike a balance between providing individuals with the access rights necessary to do their jobs efficiently and ensuring that they mitigate the risks associated with a potential data breach. This not only increases the security of the physical system as a whole, but it also enhances the security of other systems connected to it.
Return on Improvement
Prevention and detection are the best ways to avoid the costs associated with a system breach, including clean-up, loss of data and potential fines. By hardening your network against criminal cyber activity, you improve the security of your data and increase your resilience against cyberattacks.
At the same time, you should also be monitoring your systems for common indicators of a compromise. These can include unusual login times, reduced operating speeds across the network, errors in application and system event logs, new devices on the network, new users with admin privileges, unusual event log entries in the security log, or workstations with very high traffic.
Detection is increasingly important when it comes to mitigating the damage caused by a breach. The Verizon Report states that 68% of breaches took months or longer to discover. Having best practices in place to detect a breach as quickly as possible helps to reduce its overall impact and can make recovery that much easier. In the event of a data breach, you should also be prepared to respond quickly and effectively.
Overall, the challenge of securing SMB systems might be easier than for large businesses. SMBs tend to have a better picture of all their assets and a more direct way of communicating a new cybersecurity strategy to their teams. And their return on improvement is significant.
If you want to find out more, check out the Genetec trust center for cybersecurity insights and tips: www.genetec.com/trust