SMALL BUSINESS DEVELOPMENT CENTER
AVOIDING DATA BREACHES
In the ‘Wild, Wild West’ of cyber attacks, security is everybody’s job
TCBusiness.com 55
Think your business is too small to be a
target of the cyber bad guys? Think again.
According to the Verizon 2019 Data Breach
Investigations Report released in May
2019, 43 percent of cyber attacks in 2018
targeted small businesses. That’s pretty
high odds.
More than half of the breaches resulted
from hacking. Other tactics included social
attacks (33 percent), malware (28 percent),
events caused by errors (21 percent), misuse
of authorized users (15 percent) and
physical actions (4 percent).
If that is not enough to scare you,
Symantec’s 2019 Internet Security Threat
Report found that “formjacking” attacks
skyrocketed in 2018, with an average of
4,800 websites compromised each month.
Remember ATM skimming? Formjacking
is similar, but it’s targeted at e-commerce.
Cyber criminals load malicious codes onto
retailers’ websites to steal shoppers’ credit
card details.
The Symantec report also found that
supply chains remained a soft target with
attacks ballooning by 78 percent.
While large businesses can dedicate resources
to cybersecurity, small businesses
face the same cybersecurity challenges
and threats with limited resources, capacity
and personnel. Yet, these statistics
show that small businesses can no longer
afford to sit back and hope that it won’t
happen to them. Just like their large
company brethren, small businesses need
a cybersecurity strategy.
Kevin Campbell, PwC’s Southeast
cybersecurity expert, told Treasure Coast
Business: “I hear all the time from all size
businesses, ‘Why would anyone attack us?’
In today’s world, it doesn’t matter if you
are a Fortune 500 company or a startup or
an individual, there are attackers out there
that are coming after data, coming after
money, using different mechanisms to
attack all sized companies.”
RANSOMWARE THREAT IS REAL
Ransomware continues to be a big
threat to small businesses, he says, a point
echoed in the findings of both the Verizon
and Symantec reports.
Verizon’s report found that ransomware
accounted for a quarter of all the malware
incidents analyzed. Symantec’s report
found that while ransomware threats were
down against individuals, attacks on enterprises
were up 12 percent.
“Ransomware are these bots that people
can create or go to a store on the dark
web and rent to launch attacks,” Campbell
explains. “Once the ransomware has found
the way into your system in some way,
shape or form, they very quickly propagate
across your network and encrypt
everything. Then a message comes up
demanding a ransom, typically $50,000,
give or take.”
The bad actors know that small businesses
are typically more vulnerable. For
a lot of these businesses, they are paying
the ransoms, because the alternative is to
rebuild their systems from scratch.
“I’ve seen small, medium sized companies
that went in and tried to rebuild their
systems, but then realized they hadn’t
been backing up for six months,” Campbell
says. “Ransomware really is targeted at
your smaller companies.”
IoT DEVICES
Another trend is the use of IoT technologies,
a system of interrelated computing
devices, as an infection vector. Indeed,
the Symantec report found that IoT was a
key entry point for targeted attacks and
privacy breaches. Most IoT devices are
vulnerable, according to the report.
“It’s the wild, wild west,” Campbell says.
“People are building products, they are
building apps, but yet, they aren’t taking
the lessons learned from all the cybersecurity
issues we have had, by building cyber
and digital resilience into their product offerings.
We are making the same mistakes
we made 30 years ago.”
In PwC’s inaugural Digital Trust Insights
survey, 81 percent of respondents say IoT
is critical to at least some of their business,
but only 39 percent say they are very confident
they are building sufficient digital
trust controls with security, privacy and
data ethics into the adoption of the IoT.
Only 30 percent list IoT security among the
safeguards they plan to invest in this year,
the survey found. Similar results were seen
for other emerging technologies.
So what’s a small business to do?
BUILD SECURITY INTO
YOUR CULTURE
“If you are a new or newer company,
from day one you’ve got to build security
into the people, the process, the technology,
the culture and the governance. You
have to do it right … to ensure you have
that digital resilience,” Campbell says.
Employees clicking on attachments is
still one of the easiest ways for companies
to get infected, he says.
“Security awareness is huge. By building
the right culture, the products we are
going to build will not only hit this level
of quality, but they are also going to have
quality associated with security. Security is
everyone’s job.”
And yet, he adds, a lot of times companies
are not putting enough structures in
place for the reporting and oversight.
“Having the latest security software, web
browsers and operating systems and having
the best anti-virus software are part of
the basics every company needs to have
in place. But also key is the culture that
ensures that an employee doesn’t introduce
vulnerabilities, and that they keep the
software and systems updated.”
BY NANCY DAHLBERG
Kevin Campbell, PwC’s Southeast
cybersecurity expert, says
all companies are threatened by
cybercriminals, but security awareness
is on the rise. Business owners
should take advantage of the
latest technological defenses to
protect their software, web browsers
and operating systems.
>>
/TCBusiness.com