Everyone has heard of the cyber security attacks on Target (2013), Home Depot (2014), Neiman Marcus (2014), Sony Pictures (2014), and the United States’ second-largest health insurer, Anthem (reported February 2015). But have you heard of the security breaches at Aaron Brothers, Evernote (denial of service attack), P.F. Chang’s China Bistro, Community Health Services, Goodwill Industries, SuperValu, Bartell Hotels, Dairy Queen, U.S. Transportation Command contractors, and more?
Probably not. Even I hadn’t heard of these breaches until I did some research for this article. And these were just some of the larger chains (just not large enough for nationwide media attention).
So it’s not just that the massive names and brands are being targeted for cyber security attacks. Instead, it’s small- to medium-sized businesses that are receiving the brunt of the attacks. In fact, they are enduring more attacks than the big guys—we just aren’t hearing about it in the media.
According to Experian’s 2015 2nd Annual Data Breach Industry Forecast, “the risk of experiencing a data breach is higher than ever with almost half of organizations suffering at least one security incident in the last 12 months.”
So why are so many smaller businesses becoming the target of cyber attacks? It’s not because they don’t have the right procedures and the right security personnel in place to prevent attacks. Far from it: Experian’s data breach report stated that “48 percent organizations [surveyed] increased their investments in security technologies spending” in 2014.
So why—as companies understand the need to add features and 24/7 surveillance to their security systems—are more and more companies getting hit?
Beefing up your security is a good thing, of course. But it can also lead to a false feeling of security. Spending considerable time and money on technology can lead to apathy. More to the point, it can lead to the perception that all is OK, that you’re well-protected, and that you can sleep well at night, every night.
But such an assessment can lead to mistakes. Remember, your job is to run your business. Service your customers. Create great products and deliver terrific services. You need to make sure your bottom line stays healthy. That your employees are engaged and happy.
You have a considerable amount on your plate.
Cyber criminals, however, are focused on one thing only: finding your mistakes.
These individuals have nothing more to do than look for vulnerabilities. They don’t have to patch up weak spots; they don’t have to constantly be on the lookout for system flaws. All the criminals have to do is find a small hole. Like a bat that can enter your home through a space less than an inch around, a cyber criminal can use that tiny fault to hack into your system.
How much do hackers love small companies? Some statistics:
Perhaps most frightening is the National Cyber Security Alliance’s finding in 2012 that about 60 percent of all small companies go out of business within six months of a data breach!
In order to stay ahead of hackers and cyber criminals a business must ensure that its IT team continuously looks for vulnerabilities, even as other team members work to beef up its security. Cyber criminals can sleep at night; a business’ IT team—in effect—cannot.
In addition to hiring professionals whose time is spent only on checking for weak spots in their firewalls, etc., smart companies also hire professionals to hack into the business (thus exposing those holes). They also continuously upgrade software packages, monitor the system 24/7, and so on.
Yet I’ve seen too many small businesses who believe that they are too small or “too boring” for cyber criminals. This isn’t apathy, per se; it’s a lack of understanding that no business is too small for crooks.
This is something especially to remember if you’re in a growing industry, one that is enjoying more media coverage. Firms with entrée to larger business networks also are at risk. As are those which have access to customers’ personal data, such as credit cards, social security numbers, etc.
The days of installing the latest in security technologies and saying “Done!” are over. Instead, I recommend that every business—and I mean every business—engage in the following, and do so continuously (24/7, if possible):
In October 1941 when things were looking mighty dicey for England during World War II, Winston Churchill spoke to the young men at Harrow School and told them this (one of the most famous of his quotes):
Never, never, in nothing great or small, large or petty, never give in except to convictions of honour and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy.
Is this a bit too grandiose to use as impetus when dealing with cyber criminals? I don’t think so: cyber attacks are an absolute menace to our privacy, our finances and our way of life. Our best defense is to never become complacent. We must never give up. We must never think that we’ve done enough.
That’s my bottom line. What’s yours?
Sometimes apathy is driven by a lack of understanding the threat. The DIB ISAC focuses on the tier two/three subcontracting community within the Defense Industrial Base. In many cases these companies do not have the IT staff, much less an IT security staff. By necessity, they must focus on driving revenue. However, doing so without understanding the threat could be fatal to the business if they are breached. I encourage these companies to join a trusted forum such as an ISAC within their community. Doing so will allow access to a community of analysts that can help not only understand the threat but how to adopt best practice for mitigation. http://www.dibisac.net