The alarming cost of cybercrime and what small businesses can and should do to protect themselves
Earlier this year, Microsoft President Brad Smith called on nations to adopt a so-called Digital Geneva Convention. While aimed at world governments, I doubt few would argue at the need for some set of international laws governing every nation, state and human on issues of cybersecurity.
We can all probably guess why: Cybersecurity is one of the greatest threats we face today. For some context, consider that McAfee estimates the global economic cost of cybercrime and cyberespionage at between $300 billion and $1 trillion per year.
Also think about the explosive growth of ransomware, a phenomenon by which a user or business’ data are hacked and held to ransom. Per a report published by SonicWall, ransomware attacks rose from 3.8 million attacks in 2015 to 638 million in 2016. Yes, you read that right: There were 167 times more ransomware attacks in 2016 than 2015. (Verizon’s newly released 2017 data breach report also found significant growth in ransomware attacks.)
While it’s true that large corporations may be the most lucrative targets for hackers, it is the small businesses that hackers are now after. Indeed, 60 percent of all targeted cyberattacks in 2014 struck a small- or medium-sized business. Shockingly, however, most small businesses remain unconcerned about cyberattacks. According to a 2016 report by the National Federation of Independent Business, small business owners rank cybercrime 51 out of 75 possible business concerns.
Small businesses make for ripe targets for a host of reasons. For one, they often lack the security resources of larger corporations. They are also oftentimes a gateway to larger corporations. Many people remember the 2013 hacking of Target, but not many know that the company was hacked through its much smaller HVAC vendor.
But even that aside, there is one glaring reason why cybersecurity should be at the top of every small business’s mind. It is estimated by the National Cyber Security Alliance that 60 percent of small businesses go out of business within six months of a data breach. And, as the Denver Post reports, “the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.”
How Small Businesses Can Protect Themselves
For starters, when it comes to your business applications—things like your financial, marketing and production systems—one of the smartest moves small businesses can make is to move to the cloud.
The advantages are compelling. They include the constant monitoring of infrastructure by highly trained solution providers. Also, secure servers are hosted in a variety of locations, safeguarding data better than an in-house datacenter. And, need I mention the convenience aspect? Think about it. Things like data storage, security patch management, vulnerability scanning, web application firewall, advanced threat management (you get the idea) are no longer your problem, but your cloud provider’s. And these things are managed better, which in turn makes your business more secure. I can personally attest to how seriously and effectively we manage security at SAP—the lengths we go to, the resources we put behind it—and how our customers have benefited as a result. (I encourage you to reach out to me if you question or dispute any of this.)
Yes, there have been high-profile cases of cloud security breaches—say, Target and Apple’s iCloud. But, as Trip Wire points out, these “breaches were a result of human error, not shortcomings of the cloud.” In fact, human error is the primary cause of the majority of security breaches. A 2014 IBM report indicates that, in more than 95 percent of all the security incidents they investigated, human error was a factor.
Another way small businesses can better their security—regardless if they’re fully cloud operational or not—is to improve the collaboration between their chief security officers and their security and application teams. This is something small- and mid-sized businesses can fix tomorrow. It’s amazing to me that, in 2017, these groups often remain siloed from each other. Organizations are letting this happen at their own peril.
Breaches via mobile devices is another burgeoning security concern. Citing again Intuit’s e-book: “Nearly half of small business owners use a smartphone as the primary device to run their operations.” As smartphone use and capability continues to boom, and as “bring your own device” policies continue to grow, mobile will increasingly become a security concern. We’re already seeing some of the problems. These include connecting to public Wi-Fi hotspots, which can expose your data or can be malicious themselves. VPNs are a simple fix to this problem, yet, according to CNBC, it’s a step only 18 percent of consumers will take.
The need for up-to-date cybersecurity measures is something that is only growing in importance. As cybercrime evolves, and as its reach and impact increases, the attention it will demand will only increase too. This especially true for the small business community, which can no longer afford to remain blissfully indifferent. Not when it is their entire business that is on the line.