It almost seems that a month doesn’t go by without a massive data breach involving a vast quantity of personal information making the headlines. Indeed, organizations such as Equifax, Ashley Madison, Adobe, eBay, Heartland Payment Systems, or LinkedIn have all experienced the consequences of insufficient cybersecurity, and people all around the world have read about them.
But what about the data breaches that don’t make the news? Well, the less “newsworthy” data breaches typically involve smaller organizations with limited resources to recover from them. And even though we don’t hear about them much, they’re happening on a daily basis, disrupting the lives of hard-working folks who have a thousand other things to worry about besides hackers.
What the News Don’t Tell You About Data Breaches
Two years ago, the Ponemon Institute released its 2018 State of Cybersecurity in Small and Medium Size Businesses study, and the results were shocking: nearly 60 percent had experienced a data breach in the previous 12 months, and 67 percent had experienced a cyberattack.
The same small and medium-size organizations had to pay on average $120,000 to recover from a cyber incident. What’s worse, around 60 percent were forced to close their doors less than six months after the incident anyway because they were unable to fully resume normal operation for a variety of different reasons, including financial issues, loss of customer trust, and inability to recover important data.
The bad news is that cybercriminals have only recently started to realize just how lucrative targets smaller organizations are, so the situation will likely get worse before it gets better. Already, SMBs are reporting that the cybersecurity threats they face are becoming more sophisticated and difficult to defend against. Ignoring them means playing a dangerous game with no extra lives—something no business owner should do.
It’s Time for SMBs to Start Taking Cyber Threats Seriously
For a long time, smaller organizations could afford to not make cybersecurity one of their top priorities because hackers were interested mostly in larger enterprises, but that’s simply not the case anymore. In fact, more cybercriminals than ever focus all their attention on smaller organizations, and here’s why:
- Doing more business online: Organizations of all sizes are doing more business than ever online, taking advantage of various cloud services that empower them to be more productive and less dependent on their own IT infrastructure. Since the outbreak of COVID-19, many employees have started working remotely from their homes, often using their own personal devices. The increase in online activity means that cybercriminals have more attack vectors to exploit and organizations more cybersecurity threats to worry about.
- Weaker security: Even though cybersecurity statistics make it clear that smaller organizations are exposed to just as many cyber threats as large enterprises, their online security often falls behind. Smaller organizations understandably don’t have the resources (both financial and human) to develop a comprehensive cybersecurity program to thwart off cyber threats and quickly recover should a cyberattack occur. Hackers are aware of this, and it doesn’t take much for them to figure out that they can make more money by breaching five smaller organizations than a single larger one.
- Access to hacking tools: Thanks to the dark web and cryptocurrencies such as Bitcoin and Monero, even relatively unskilled hackers can quickly obtain powerful hacking tools and use them to target organizations in bulk. While such tools wouldn’t be able to penetrate the cyber defenses of large enterprises, they can easily breach smaller organizations that have been neglecting cybersecurity.
For these and other reasons, it’s almost guaranteed that any organization—regardless of its size and industry—will experience a hacking attempt sooner or later. Fortunately, there’s a lot that can be done to prevent the attempt from resulting in a costly data breach.
The best step any organization with limited financial and human resources can do to improve its cybersecurity posture is to find a managed service provider (MSP) that knows what it takes to defend against the latest cyber threats.
At BCA, we have over 30 years of experience in the IT industry, and we use this experience to help SMBs come up with a comprehensive approach to online security. If you’re looking for a partner in cyber defense, contact us, and we’ll keep you protected from hackers.