Posted On 02 Nov 2019
It used to be a rarity to hear about small businesses suffering hacking attacks, but the Verizon 2019 Data Breach Investigations Report (DBIR) states that 43% of cyber-attacks are now aimed at small businesses, making them the most attacked of all groups. Small businesses tend to be less knowledgeable about security and invest less in this area, and cybercriminals are exploiting this weakness.
While new ways of doing business have mushroomed, small businesses have not kept up with the security requirements of the new landscape. Without daily reviews of security procedures and investment in cyber protection, there is a very real risk of a small company being driven out of business altogether.
Sixty-nine percent of attacks on small businesses were external, with 39% being initiated by organized criminals and 23% by hostile nation-states and their affiliates. 34% of incidents involved insiders, with 2% of attacks being initiated by business partners. The majority of attacks were a result of hacking, but malware, social media attacks, employee mistakes, account manipulation, and physical attacks all play their part.
The report demonstrates that any kind of business can come under cyber-attack, with 15% of healthcare organizations being attacked, 16% of public sector organizations and 10% of financial institutions being major targets. No area of business was found to be immune to attack.
The report stresses that businesses must be proactive in defending their digital property. This doesn’t mean that every small business has to have a digital expert, but everyone should make themselves aware of the risks out there and what they can do to build proper defenses. If you lack the confidence to make choices yourself, hire an industry expert; the money you spend could save you many thousands of dollars, or even save your business.
Verizon states that the most important thing a business can do is to keep updating its security and pay close attention to detail. Opportunities for human error should be limited, and you should ring-fence your data and security around all outlets to the Internet. Make sure that you apply all updates to operating systems and software, and pay special attention to the integrity of files related to payments. Two-factor authentication is essential for good security, and you should know at all times which staff have access to your sensitive data and when. Let them know that you’re monitoring this to remove temptation. Finally, keep an eye on all social media links and make sure that your staff know how to recognize pretexting and phishing attacks.