By Akshay Bhargava
A data breach can be immobilizing, especially for small to mid-sized businesses (SMBs). Not only can the cost be crippling, the long-term impact on a company’s viability may be impossible to reverse. Especially now, during a time where SMBs are already under tremendous financial, staff, and re strain, a data breach is the last crisis any business wants to face.
The 2019 Ponemon Cost of a Data Breach Report notes the global average cost of a data breach is $3.92 million, a 12% hike from 2014 to 2019. When you combine this with the ongoing security skills shortage and fierce competition for IT staffing—as well as an environment where larger companies can offer more trendy perks—it’s evident SMBs have to be more efficient in developing a cybersecurity infrastructure. Faced with less staff and leaner budgets, they also need to engage all stakeholders in their organization to ensure data protection becomes an “all hands” endeavor.
SMB executives and IT teams, if a company is lucky enough to have an IT team, have very limited res for hiring new IT security staff. At the same time, they are faced with the constant fear that a successful cyberattack could bring extreme financial stress, which could bring devastation to a smaller organization.
Executives also know that not every employee, contractor, or partner is fully briefed on the latest threats affecting a business in real time. Strengthening security entails building an infrastructure that, to some extent, continuously adapts to new and changing threats.
Here are two cybersecurity trends organizations should be aware of:
- Ransomware attacks on organizations will continue at a more rapid pace, thanks to a diversification in attack vectors. While in the past, ransomware was typically delivered via exploit, organizations now face everything from exploit kits to botnets, hacking tools, and manual infection. The development and prevalence of easy to deploy malicious hacking tools that are designed to more effectively attack networks will allow ransomware authors and affiliates to more effectively penetrate and decimate business infrastructures.
- Hybrid attacks with multi-stage payloads will escalate. A multi-stage attack allows for an attacker to infiltrate a network more efficiently. This year more types of malware will be developed where the dwell time may be days, or even weeks, before an attacker decides what to do next. This is an interesting type of monetization where attackers alternate payloads and conduct proper victim triage. One scenario we’ve seen is the sale of the infection to someone who wants to mine for cryptocurrency or spread more malware, for example.
Anti-threat machine mechanics
Against this landscape of varied threats and creative cybercriminals, organizations need to think holistically in terms of cyber defense—engaging all stakeholders and looking at threat entry points from multiple perspectives and with greater scrutiny. Some practices to consider:
Diligent patching and updates. One popular attack vector is the manual infection of business networks through misconfigured ports or unpatched vulnerabilities. This is one example of why real-time patching and updates are a critical must for any IT team. Consider automating patching and updating practices when new software updates are required.
Universal education. Since the actions of every employee or contractor can easily contribute to successful malware, companies should provide ongoing education where cybersecurity becomes a guiding principle for everyone. For example, while spear phishing is popular with criminals who target executives and are looking for a big score, in reality, any employee is a target for phishing. A single attack could cost a mid-sized company an average of $1.6 million.
Dedicated, ongoing training and reminders are important for all levels of a business. It’s also critical to avoid blaming employees or third parties when things go wrong. Executives need to make it clear employees won’t get in trouble if they report incidents.
Other Articles From AllBusiness.com:
Modernized endpoint security. Only 47% of initial vectors of cyberattacks are detected by antivirus tools, according to the SANS Institute, so security teams must assemble multiple security products to combat this gap in their security posture.
One critical component is endpoint detection and response (EDR) software, which can help software security teams investigate and respond to threats that have bypassed other defenses. An EDR solution should provide automated analysis of data to identify suspicious activity and help IT and security staff successfully navigate the threat hunting process.
Standardized BYOD controls. Securing the endpoint in today’s remote worker environment means a virtual extension of all access controls, updates, and restrictions. In the SMB world, it’s even more critical to implement employee awareness training so BYOD (bring your own device) users understand the importance of personal diligence and modify their behavior accordingly.
In addition to executing automated application controls and limiting access per user and work responsibility, ensuring BYOD devices do not infect a corporate network needs to be a top priority. This means IT must have a complete picture of all assets in use and be able to quickly discover any rogue devices before they can cause damage.
Cloud security segmentation. Today’s growing BYOD and remote workforce is using cloud-based tools to improve their everyday productivity and data access efficiency. But this convenience comes at a cost. This data free-for-all approach offers another avenue for threats to enter the corporate infrastructure.
One way to reduce the risk from cloud networks and head off any trouble is to segment cloud and on-prem to more efficiently monitor for traffic or data-flow anomalies. For example, IT can segment the critical infrastructure network so that routine workflow—done remotely—moves to the cloud via a regular corporate network.
Consider outsourcing. Many SMBs simply don’t have the bandwidth to do security justice, and that’s okay. There are a number of managed security service providers (MSSPs) that can handle security for companies through security operations centers that provide 24/7 services.
While limiting the need for internal security personnel, these MSSPs can help you manage everything from firewalls and intrusion detection to virtual private networks, vulnerability scanning, and anti-viral and anti-malware services. Be sure to select a provider that has an understanding of your business and the security metrics you require to maintain an acceptable security posture.
A well-oiled machine
It has never been harder for a small business to stay in business than it is today. To be successful requires that everyone in an organization becomes cyber aware, no matter where they work or what devices they use. Implementing modern, adaptable, and agile security practices; intensifying training; and increasing communication is essential to countering attacks.
A good actionable cybersecurity game plan, along with an “all hands” concerted effort from every employee, can help a small business fulfill a goal of long-term growth and success.