Cybercrime threatens businesses every minute of every day. These days, there’s no such thing as a typical target and all organizations are fair game. An increasingly sophisticated global network of hackers is always refining its attack strategies and is constantly on the lookout for new victims.
The malicious intrusions that get the most publicity are the ones that cause the greatest damage. Therefore, it can be easy to assume that massive businesses like Target and PayPal are the main victims of cybercrime. But while companies like these often present more lucrative monetary targets for hackers, they also tend to be better guarded, which prompts cybercriminals to aim for easier prey. As CSO pointed out in January 2015, SMBs are ideal targets for hackers due to their status as “low-hanging fruit” - i.e. enterprises at the bottom of the enterprise defense food chain.
According to a December 2014 report from Intel Security, small business attacks account for more than 60 percent of total data breaches. One of the many factors contributing to this figure is a lack of security spending among small organizations. In 2014, small businesses cut their security budgets by 20 percent and it’s this lack of attention toward enterprise security that cybercriminals capitalize on.
In 2014, the FBI’s Internet Crime Complaint Center received over 269,000 complaints, comprising total losses of more than $800 million. Reports came from individuals around the world, complaining about issues like government impersonation email scams, cyber extortion efforts and business email vulnerabilities. As the 2014 US State of Cybercrime Survey uncovered, more than 75 percent of respondents reported that they’d experienced a cybersecurity event.
When companies take steps to combat cyber threats, they go a long way toward limiting their odds of getting attacked. Here are some best practices for all businesses when it comes to firming up cybersecurity:
Create a Plan
Approximately 70 percent of small enterprises that suffer from large-scale data loss, a common consequence of a hack, will shut down within a year of the incident. Therefore, the odds are decidedly against small organizations that are hit by cyberattacks. However, these are odds that can be surmounted through a comprehensive cybersecurity plan. A detailed cybersecurity plan that is able to detect newer threats is far less expensive than the costs associated with being hacked and having an entire business network compromised.
Explore All Options
It only takes a single exploited vulnerability for a whole company to fall victim to a cyberattack. A single company-connected tablet that isn’t strongly safeguarded is all that a hacker needs to mount an attack.
Security isn’t about only meeting PCI compliance or similar standards, but going beyond that. While businesses may once have been able to get by with basic firewall tools, that’s no longer the case. Comprehensive preparedness can consume lots of time, money and talent if carried out internally. That is why a growing number of organizations are turning to outside services to help with enterprise security rollouts. Outside service providers can help businesses construct plans that establish a cybersecurity baseline and supplement the strategy with outsourced expertise.
Conduct Regular Security Assessments
Network security assessments and penetration tests are two different but equally important components of enterprise security. In a security assessment, businesses conduct a broad evaluation of their network to determine if any potential vulnerability is present.
A penetration test, on the other hand, is a simulation of an outsider network attack that is carried out internally. While the security assessment takes a broad-based approach, penetration tests are about exploiting known vulnerabilities to see how an attack scenario would occur and how to defend against one.
Train Employees
Many cyberattacks only need one poorly trained employee to occur. Phishing schemes are a highly popular attack method in which malicious hackers use email as a network entrance point. A business isn’t prepared to handle cybersecurity incidents until all of the employees are educated.
For companies that don’t train their employees in the fundamentals of safe computing, the chances of an attack will skyrocket. The first step is to educate all staffers, not just the IT department, on the cybersecurity plan that has been developed. Then, come up with a list of cybersecurity best practices that all employees should follow. Also, make sure to set aside time at company-wide meetings to discuss cybersecurity issues in sufficient depth. Due to the always-evolving nature of cybercrime, a single employee training session won’t cover it. Instead, consistent reminders of best practices are the way to go.
With the cooperation of an entire organization, cybersecurity attacks will become less frequent and less damaging. By putting in place a contingency plan and educating all employees, information can be protected from even the most knowledgeable hackers.
Miles Franz is the Vice President, Professional Services with ISG Technology, a full spectrum data center and IT infrastructure partner uniquely positioned to provide complete solutions from client premises all the way to the cloud. Learn more at www.isgtech.com