2020 saw one of the largest threats to businesses globally with the onset of the COVID-19 pandemic. Not only did it threaten the lives of individuals, but the knock-on effect for businesses was almost insurmountable. There is not one economy or industry that has not been deeply affected by the pandemic and by the economic impact of lockdowns, extended business closures, loss of sales and revenue, and the requirement to go digital or cease to exist.
One would think that these issues were already too great for businesses to overcome. Then we saw the rapid increase and entrenchment of cybercrime. As the pandemic hit hard and forced the digitization of industries and business practices, it also fostered the drastic growth of cybercrime, driven by clever, syndicated criminal networks that are ruthlessly hungry for new ways to swindle vulnerable businesses out of money. The pandemic proved fertile ground for this industry to take off, and this rapid increase in cybercrime will forever change the way we do business. Cybersecurity companies publish maps of cyberattacks where you can see this for yourself.
Some businesses have not really been prepared for cybersecurity threats, and most have been reactive in their approach to cybersecurity incidents. Now there is no room for complacency, and the only protocol must be a strong defence with the right product. There are a few reasons why small to medium enterprises (SMEs) have considered cybersecurity to be a very low threat to their livelihood, yet these are complete misconceptions that SMEs and service providers likely still hold, and they increase your business's risk of a cyber-attack.
1. “My business is too small to be hacked.”
The truth is that small businesses are the prime target for cyber-attacks. Added to this, the dramatic impact of a cyber-attack will leave your business and operations in tatters: most SMEs are forced to close within six months of an attack.
Most of the headlines surrounding cyberattacks involve large enterprises and corporations, so it is clear why this myth persists in the SME world. Attacks against small businesses are largely underreported, and many SMEs aren't targeted specifically. Sophisticated hackers use a method known as "spray-and-pray" attacks, where automated systems are set up to hit businesses at random. Since these attacks are completely random, any business can be infiltrated, regardless of how big or small it is.
Small businesses have historically been known as an easy target because they have smaller budgets and lack the resources for the security defences that an enterprise or a large corporation can afford and access.
Small business owners wear many hats, and they are busy! Cybersecurity can be complicated to navigate and is easier to ignore, and cyber criminals are recognizing that SMEs are simply not protected. The good news is that there are offerings in the market today designed specifically for SMEs, allowing access to more Fortune 5000 level security at affordable prices, like the transmosisOne product listed on the Executive Business Solutions website.
2. “Anti-virus, anti-malware software and firewalls are enough for me.”
Sadly, this is just not true. Believing it lulls many businesses into a false sense of security when in fact they are still completely vulnerable. Whilst anti-virus software is an important way to protect your business, it is far from sufficient to protect you from everything else out there, because antivirus and anti-malware software are unable to detect modern threats. Even more alarmingly, hackers can use this software to deploy highly sophisticated threats like ransomware to encrypt data. So, in effect, you are installing the very threat into your system without having any awareness of doing so.
Further to this, many businesses believe that firewalls are bulletproof. However, they do not provide adequate protection because ransomware is very cleverly encrypted, and thus they do not detect data migration. The use and success of ransomware has exploded in the pandemic, with the average payout for small businesses exceeding $177,000. That is a cost which no one should be forced to bear when there is adequate protection available from purpose-built security products.
You can probably see by now that the pandemic has created a perfect storm for criminals, and the methods and technologies used to hack businesses are now more sophisticated than ever. These individuals and syndicates are only out to wreak havoc on your business for their financial gain, and they do not care about the mess and tragedy they leave behind. Anti-virus and anti-malware software, along with firewalls, can't keep up, and they miss many of the threats that get through to the network and host levels of your business.
3. “Cyber-attacks come from external sources only.”
It is a huge misconception that cyber-attacks come only from outside the business. While this is often the case, it is also possible for a disgruntled employee, board member, consultant, partner, former employee, or anyone else with ill intentions to put your business at stake. Insider threats are major security risks that cannot be ignored and should be monitored closely. Simple human error by a trustworthy employee can also introduce threats unknowingly. This happens largely due to poor or completely absent cybersecurity policies and training. For example, an email containing a link and purporting to be from a partner or from your own business can, once the link is clicked, put your entire network under threat. It is therefore important to provide ongoing training and development for your staff, and to build a cultural awareness from the top down of the potential impact and threat of cyber-attacks.
These insider attacks account for up to 75% of security breaches, which is frightening when you consider that this is a combination of intentional and unintentional risk targeting your business. Along with human error like mistakenly opening a phishing email, there are several signs of intentional insider threats, including employees downloading or accessing large amounts of data, accessing data that is unrelated to their job responsibilities or outside of their unique behaviour profile, emailing sensitive data outside the business, or using unauthorized storage devices. All this activity can be picked up by the right security system.
Rest assured that by embedding safer practices within your organizational culture, and by having access to leading cybersecurity software, you deny members of your organization or network the opportunity or the confidence to act in a way that could undermine your operations. Similarly, you are also protecting your business from accidental error.
4. “My IT service provider will take care of everything.”
Bravo to your business and your IT team if you have been implementing and reviewing policies to keep your business safe. This is quite rare, particularly for SMEs, and it is a major responsibility. Because these issues and threats do not seem "imminent", most small businesses do not see the massive value in investing in a security provider, let alone in setting up policies and an in-house team to keep them safe. In fact, up to 43% of SMEs have no cybersecurity defence at all. Can you see the damage that is waiting to happen here? That is 43% of businesses, built by hard-working individuals with the very best intentions, now sitting ducks for a cyber-attack. These businesses are at major risk of losing everything they have worked so hard for and closing for good.
Even if you do have an IT department, the changed face of these threats means that new, modern threats are appearing every day, and putting the responsibility solely on your IT department to protect your business can still leave you vulnerable. Every individual who has dealings with your business and is connected to your system must maintain good cybersecurity practices. This includes board members, staff, contractors, and anyone who has access to you digitally.
Did you know that 94% of malware is delivered over email, and 48% of malicious email attachments are Office files? If your employees aren't trained in cybersecurity best practices, such as identifying phishing scams, avoiding malicious links, or knowing how to appropriately change passwords, you will be hit repeatedly, potentially many times in one day! Good cybersecurity education and the enforcement of detailed policies within your organization will serve you well into the future.
5. “My business can be 100% protected from cyber-attack.”
With the ever-evolving sophistication of cyberattacks, and very clever hackers, the bare minimum for a business owner is to have the best cybersecurity products at hand and to embed consistent, solid cybersecurity practices in your corporate culture. No one is immune to cyber-attacks, which is why we are seeing more and more businesses that have been around for a long time, with decent IT teams and existing cybersecurity operations, being hit hard by these incidents. We are facing a whole new world of threats, so heading into the future with eyes wide open and with awareness is key. Your cybersecurity defence is not something that is set once and forgotten. It never stops.
The world is now experiencing a "pandemic within a pandemic": with more employees working from home and in hybrid workplace setups, businesses have fewer practical controls over remote office setups. Individuals are working outside the office on a multitude of devices, leaving them exposed to increased risk. Simultaneously, new, highly sophisticated, modern technologies are being created by hackers every day to take advantage of this very scenario.
Implementing, continuously monitoring, and reviewing your practices and systems is a must to keep your business safe moving forward, as well as having access to great security protection products. The ideal scenario requires participation from everyone involved in your company, and it is the only way to navigate your way into the future.