A recent survey by Malwarebytes offers insight into how vulnerable small and medium businesses (SMBs) are to cyberattack. Although one might think that SMBs are targeted less often by cybercriminals, this is not the case; if anything, SMBs are getting hit even more than larger businesses.
Of the SMBs surveyed, 81% have been hit with a cyberattack, and 66% of these have suffered a data breach of some type. The consequences of the attacks included downtime: for 90% of SMBs the downtime was at least an hour, and 22% of businesses were unable to conduct operations for at least a full day.
Can you imagine being offline for an entire day? In addition to being unable to conduct business while offline, SMBs also face data breach costs and reputation damage.
Additional insights on the cyberattacks hitting small businesses show that ransomware is a major attack method. The study finds that 35% of SMBs attacked were hit with ransomware, and while only 3% of these attacks demanded a ransom beyond $100,000, 11% demanded a ransom above $10,000.
A bigger problem is that the SMBs surveyed were unprepared for ransomware attacks and did not have a backup of their data. Furthermore, 33% of SMBs weren’t running any type of anti-ransomware technology, even though they believe ransomware should be addressed by technology and not staff training.
Another important finding was that 27% of the SMBs surveyed did not know the source of the ransomware that struck them. Only after investigation were they able to determine that the source was a malicious email.
With 54% of SMBs saying they are very concerned about ransomware, the question remains: why is there a gap in taking the security steps that would prevent cyberattacks from causing such damage to their company?
To answer this question, we turn to another study, this time by Demisto, which found that 40% of companies are not prepared to measure incident response and cite a lack of resources as the reason. 90% of businesses find it challenging to find experienced employees with the skill sets needed to put an effective incident response plan in place. Even when such an employee is found, it takes businesses an average of 9 months to hire and fully train the new hire. Beyond the hiring process, retaining incident response (IR) staff is also an issue. More than one-third of IR staff leave the company within 3 years, leaving businesses vulnerable once more to lengthy downtime.
As a company that has been in cybersecurity for more than 15 years, we know that the best way for businesses of any size to stop being vulnerable to such damaging cyberattacks is to invest in a holistic cybersecurity posture.
If you’re going to protect your business from high data breach costs, lengthy downtime, and potentially closure (depending on the extent of the damage a cyberattack brings), you don’t just need a business continuity plan and an incident response team at the ready. You need to work with a company that can set you up to have eyes on all the areas that are vulnerable to hacking. This is exactly why we created MyCSO.
MyCSO cybersecurity services help SMBs finally establish an effective cybersecurity posture and be ready when a breach strikes. If you’re interested in talking more about your SMB’s needs, give us a call.
It’s our mission to help businesses like yours stay in business and safeguard your customers and valuable data assets.
Photo Courtesy of Dirk Ercken