Early on in 2018, a news story broke about yet again, another cyber attack. But this time, you won’t believe how it happened. The reported attack occurred as cyber attackers actually hacked into a casino’s network by hacking through a thermostat in their internet-connected fish tank. And once inside a network, it’s only a matter of time.
In a cyber world, increasingly, the headlines, such as this one, offer stories of more and more cyber-attacks on businesses. Although the impact and fall out from these attacks for many is becoming clearer, yet still, 73% of companies are still not prepared for hackers. This was according to a Chicago based insurance company, Hiscox, who recently commissioned a survey of more than 4,100 companies. In that same survey, they noted the average cost for all cyber-attacks reported as $229,000, with one incident in the U.S. alone costing upwards of $25 million.
So, what is a cyber-attack and why should all businesses, including small businesses, consider a cyber-security game plan and get prepared?
What Is Cyber Security?
A commonly known definition of cyber security is the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this. Simply put, to protect oneself from a cyber attack.
What Is A Cyber Attack?
As seen above, with the internet-connected fish tank, hackers are constantly finding new and unforeseen ways to attack businesses, organizations, and governments. A cyber attack is a deliberate exploitation of computer systems, technology-dependent enterprises and networks.
According to techopedia.com, Cyber attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cyber crimes, such as information and identity theft.
What Are The Motives For Cyber Attacks?
There are various motives for why hackers deploy cyber attacks. Depending on the business, organization, government, or even person, the motive can be different. But one thing is for sure, the goal is to exact a large amount of harm by way of reputation management, financial, and security.
Here are four different motives for cyber attacks along with common definitions for each one. If your business was targeted, which one of these motives do you think would be the reason?
Hacktivism – a computer hacker whose activity is aimed at promoting a social or political cause.
Cyber Crime – criminal activities carried out by means of computers or the Internet.
Cyber Espionage – the use of computer networks to gain illicit access to confidential information, typically that held by a government or other organization.
Cyber Warfare – the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes.
Are you prepared?
Who Do Cyber Attacks Target?
Should small businesses really be concerned about being hacked? Do you use social media, have a website, or e-commerce? Although larger organizations (more than 2,500 employees) make up 50% of those cyber-attacks targeted, small businesses beware as nearly 20% are targeted, as well. If you answered yes to any or all of the above, the answer should be yes.
What Are The Objectives Of Cyber-Security?
When you think about cyber security for all sizes of businesses, there are three main objectives and they are to prevent, detect, and mitigate. But, in this day and age of BYOD, or bring your own device, preventing being hacked is not always so simple. To build a plan, businesses need not just focus on technology and network security, but as much on people, processes and prevention.
Should Small Businesses Be Concerned?
It’s easy to read the headlines and think, “that will never happen to me.” Yet, with nearly 20% of small businesses in the cross hairs of cyber attackers, should small businesses be concerned?
Depending on type of operation or mission, there are many reasons why a small business would be targeted. With hacktivism and cyber-crime the top 2 leading motives for cyber attackers, anyone could be a target. And it’s not going away.
In 2018, Symantec, a leading cybersecurity software company, released a report on internet security threat and found there as an alarming 92% increase in the number of blocked phishing attacks that had been reported. As 49% of all malware is installed via email, which can cause significant data breaches, reputation setbacks, and cost hundreds of thousands, if not millions of dollars for businesses of all sizes, it’s past time to get prepared.
A spokesperson for Verizon was quoted recently as saying, “Ignore the stereotype of sophisticated cyber criminals targeting billion-dollar businesses, most attacks are opportunistic and target not the wealthy or famous, but the unprepared.”
So, where and how can small business get prepared?
5 Ways Small Businesses Can Be Prepared
Social Media – It seems not a week goes by without hearing another horror story that a person or organization’s social media pages were hacked. And depending on who in your business has access to your social media admin account, regularly changing passwords is a great place to start. Also, as often times, many small businesses will task multiple staff to manage the social media accounts, this means they are accessing via their own smartphones. If the device is stolen or their personal passwords are hacked, and they have admin credentials to your social media page, you then can become vulnerable to attack. Requiring employees to ensure their devices are password protected and that they too are updating their passwords on a regular basis would be a good start.
Software Maintenance – Ensuring that whichever operating system you are using on your devices as well as having software that is always up to date is critical. If there is one thing hackers are always scanning for, it’s security vulnerabilities.
Educate Employees – A first line of defense is going on the offense with the education of employees, especially as they either use company assigned equipment or their own. Teach them all the different ways hackers can infiltrate your system as well as how to recognize the signs of a breach. By creating security policies, you will leverage the power of your people to best protect your business from being hacked.
Create Security Policies – Creating a culture where everyone knows and understands the importance of cyber-security is essential. No matter the size of your business, staying up to date on the latest findings and best practices can help ensure a climate that keeps cyber-security front of mind. In this, be sure to include using strong passwords and how often to change them, how to report suspicious emails, as well as clicking on links or downloading attachments. Also, social media should be a part of these policies as well.
Develop and Practice IRP – Having an incident response plan is vital. Breaches come to businesses of all shapes and sizes. In this days and age, often times, it is not a matter of if, but when. From a serious data breach exposing customer information, defacing your online presence though website or social media hack, or other possible scenarios, when they happen, how will you respond? By creating an incident response plan, the valuable time so many companies waste reacting from not having a plan, can be avoided, thus mitigating risk.
Are You Prepared?
With 73% of businesses not prepared for hackers, there is work to do. But fret not, the good news is that if you are part of the 73%, by simply taking time to read this article on cyber-security for small businesses, you are closer than you think to getting on the path to being prepared. That said, change isn’t change until there is change.
What will you do to start protecting your business in the event of a cyber-attack? What steps can you take to begin? Remember, in this world it’s not a matter of if, but when.