Cybercriminals Have Your Business In Their Crosshairs And Your Employees Are In Cahoots With Them.

Cybercriminals Have Your Business In Their Crosshairs And Your Employees Are In Cahoots With Them.
Cybercriminals Have Your Business In Their Crosshairs And Your Employees Are In Cahoots With Them.
  • 58% of cyber attack victims were small businesses
  • A cyber attack can put you out of business because the cost of cleaning up after a breach can be considerable.

“Hello friend! I have some bad news for you. Your files have been encrypted!”

Thus begins the ransomware email that could spell utter doom for your business. Think it can’t happen to you? You may want to think again.

Cybercrime is big business. According to Cybersecurity Ventures, it’s projected to cost the world $6 trillion by 2021. Moreover, cybercriminals have found a sweet spot—small businesses.

According to the 2018 Verizon Data Breach Investigations Report, 58% of cyber attack victims were small businesses (organizations with fewer than 250 employees). This may seem counterintuitive for two reasons. First, the big payoff would seem to be had by going after large organizations. Second, the news is filled with headlines about cyber attacks on big companies, not small ones. One example of this is the Target hack during which the credit card details of tens of millions of people were stolen. But here’s the thing about that hack that most people don’t know—the hackers gained access to Target’s network by infiltrating a small HVAC company and stealing that company’s access credentials to Target’s network.

A cyber attack can put you out of business because the cost of cleaning up after a breach can be considerable. In fact, according to Malwarebytes, a global provider of malware prevention and remediation solutions, ransomware attacks caused nearly a quarter of small and medium-sized businesses hit by them in 2017 to completely halt operations. Recent statistics show that around 60% of SMBs forced to suspend operations after a cyber attack never reopen for business. The lost revenue due to downtime, the cash spent attempting to remediate the breach and the reputational damage can really add up.

Despite these stark facts, most small business owners aren’t prepared to prevent, detect or respond to a cyber attack.

“The threat environment is active and intense,” says Cyrus Walker, Managing Principal at Data Defenders, a cybersecurity advisory, response and managed services provider. “A cybercriminal has a much greater opportunity for success in attacking a small business because small businesses are very weak in their security countermeasures.”

So how are your employees in cahoots with cyber attackers? Because the number one way hackers gain access to small business networks is when someone on that network clicks a link or an attachment in a malicious email. Once inside your network, the attackers can do things like steal or encrypt your data.

“Two key mistakes small companies make that leave them vulnerable to cyber attacks are they assume they won’t be targeted and they don’t provide any cybersecurity training for their employees,” Walker says. “The top cybersecurity threat to small businesses is really an insider threat because employees let the cybercriminals in.”

Walker offers the following tips for business owners:

  • Change the mindset and the culture of the organization. Assume you are a target.
  • Make available the necessary training for your employees to intensify the level of vigilance and awareness of possible risks and threats that exist.
  • If you don’t have tech resources in house, identify a provider that can help you conduct a risk assessment, identify cyber threats to your business, develop an incident response plan and implement countermeasures to mitigate high probability threats.

Make cybersecurity planning as important as other aspects of your business planning process. Failing to do so could mean that your business may one day face an existential threat that could have been prevented.

Your employees may be unknowingly in cahoots with cyber attackers because they lack proper training and awareness. But now that you have some idea about the risks you face, failing to take steps to protect your business makes you more of a knowing collaborator, doesn’t it?

originally posted on Forbes.com by Ivy Walker