Cybersecurity Awareness Month Marked in October
October is National Cybersecurity Awareness Month, a yearly collaborative effort between government and private industry organizations to promote awareness around IT security.
This year’s overarching theme is emphasizing the role individuals play in maintaining good security practices at home and work as well as the need to be proactive rather than reactive when it comes to dealing with IT security. I can’t think of better timing for the inaugural article in my cybersecurity column.
According to a report published by Gartner Inc., a global technology research and advisory firm, 78% of small-business owners believe they are not a target of cyber threats. This certainly aligns with my own experience. Prospective clients I engage regularly tell me they are not at risk because they either do not store information of any value or are not a large enough business to be on a hacker’s radar. That these misconceptions still exist in 2019 is shocking.
Earlier this year, Verizon published its 12th annual Data Breach Investigation Report, which included data from over 43,000 confirmed security breaches across 86 countries. It found that 43% of the security incidents studied in the report were perpetrated against small businesses. Globally, one in four companies will experience a security incident and 60% of all small- to mid-sized companies that experience such an incident go out of business within six months.
So why does, say, a small Mahoning Valley company of 20 employees end up on the global cyberattack radar? One part of the answer is simply: hackers do not care who or where you are. They do not, usually, start with a target in mind but rather perform scans across the internet on a massive scale looking for low hanging fruit – open firewall ports or unpatched computers – which allow for quick entry.
According to Verizon’s Data Breach Investigation Report, financial gain was the top motivator of malicious actors (not surprisingly) and threats such as ransomware are extremely profitable at scale. We’ll be covering ransomware in-depth in a future article.
For the subset of attacks that are targeted, I would argue that a small company still makes the most appealing mark. They are more prone to making IT security a low priority, often relying not on the help of an outside specialist or IT department but rather adding it to the plate of someone internally who may have some computer experience but is still far from being an industry professional.
Small businesses also have all the same attack points as a large corporation (email, social media, cloud services, unpatched computers, etc.) but with a greatly simplified internal structure, fewer internal controls, and often absent policies and procedures that could have helped detect and respond to a breach after the fact. This means, all other things being equal, an attack would penetrate much deeper and with far more effectiveness at a smaller firm.
And if you’re still not convinced that cybersecurity is something you should take seriously, I’ll add one final takeaway from the Verizon report: 34% of security incidents were perpetrated by insiders at the companies studied.
At the end of the day, neither where you are located or where the threat lies really matters. Good IT hygiene should not be thought of as a defense against stereotypical, shadowy figures across the internet but rather a standard component of any organization’s ongoing operational strategy; a vital part of ensuring the ongoing growth and success of your business.
Be sure to check back next time when I discuss the six biggest IT management and security mistakes that area businesses seem to make time and time again.
Editor’s Note: Robert Merva is the owner and CEO of Avrem Technologies LLC, a business IT and cybersecurity consulting firm started in 2007 and based in Canfield, Ohio. They monitor and manage the networks, servers, computers and software that their clients rely on every day. By combining a unique approach with years of experience and proven solutions, organizations that use Avrem have more uptime, are more efficient and have better security, all with less headaches. Visit Avrem Technologies at Avrem.com
Bits and Bytes is sponsored content produced by Avrem Technologies LLC
Copyright 2023 The Business Journal, Youngstown, Ohio.