In a joint webinar 20+ year security veteran and Defendify Co-Founder, Rob Simopoulos, and Mike Quinn, CEO of Active Cypher, outlined how changes in people, processes, and technology have become the new focus of cybercriminals, and what businesses can easily do to significantly reduce the risk of a costly breach at their organization.
Cyberattacks targeting small and mid-sized businesses are on the rise.
According to Rob, in the past 12 months, 68% of small businesses have experienced a cyber attack and 50% of cyber attacks of target small businesses.
The threats that cause these cyberattacks come in many different forms and can look like a variety of things. Some common types of cyberthreats include:
- Cybercriminals trying to make money.
- Hacktivists who want to make a political statement.
- Cyber soldiers attacking the United States, and organizations within the United States.
- Insider threats like employees, contractors, or interns who have or had valid access to the systems and the data. (NOTE: while their actions are not often malicious and are often the result of human error, like sending an email with an important file to the wrong person, they still can cause enormous damage to an organization.)
Regardless of whether the intent of cybercriminals, the costs of a cyberattack can be crippling for many small businesses. Rob shared that the average losses resulting from a burglary at a small business are $2,000, while the average losses from a cyberbreach at a small business start at $117,000. Despite the losses being considerably larger from a cyberbreach, many organizations do not take the same precautions to protect their networks and data as they do to protect their physical business office. This often stems from a lack of awareness about what constitutes as sensitive data, with many small businesses assuming that they do not have any vulnerability to sensitive data being compromised.
“Sensitive data are things that you are not willing to put on your public facing website.”
Rob shared that sensitive date is any information that you would not publish on your public facing website. This includes information such as:
- Tax documents
- Vendor agreements and price lists
- Credit card data
- Legal documents and contracts
While preparing for and facing these threats may seem daunting at first glance, Rob breaks down the steps that small businesses can take to strengthen their cybersecurity posture.
Take a cybersecurity assessment to see where you stand.
A professional cybersecurity assessment can show you exactly where your organization stands in terms of cybersecurity and it can highlight where you have weaknesses, so you know what to strengthen in order to prepare for a potential cyberattack.
Layers of protection are necessary to be cyber-secure.
There is no one and done solution to total cybersecurity. Instead, a multi layered approach is needed to build a strong cybersecurity posture. At Defendify, we focus on three key layers of protection. A cyber-solid foundation of policies, plans, and procedures allows you to lay out guidelines around technology use and prepare for what to do if a cyberattack occurs. A cyber-smart culture means that your employees are on the lookout for and know what various cyberthreats look like, this can be achieved by frequently engaging with training materials like awareness training videos and phishing simulations. The final layer is cyber-strong technology that goes beyond traditional anti-virus and firewalls, and ensures that you are able to consistently monitor your systems and networks for potential breaches to stop cybercriminals in their tracks before extensive damage is caused.
Not only does strengthening your cybersecurity posture through a multi-layered approach mean that your organization is more cybersecure, but it also means that you are prepared to take 3rd party vendor assessments and can prove to current and potential clients that you are taking the proper steps to ensure that both your and their data is secure.
To learn more about evolving cyberthreats and steps you can take to prepare watch the recording of the whole webinar here.