[BreachExchange] Is Your Business Vulnerable to a Cyberattack?
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Mar 2 10:30:17 EST 2018
https://www.inc.com/larry-alton/is-business-vulnerable-to-a-cyberattack.html
Cyberattacks on small businesses are on the rise. Last year, 61 percent of
breaches were targeted at small businesses, up from 53 percent the year
before. Considering that cyberattacks typically cost small businesses
somewhere between $83,000 and $148,000, and that 60 percent of attacked
businesses go out of business within 6 months following an attack, that's a
frightening thought.
Nobody gets hit by a cyberattack on purpose. Most companies connecting to
the Internet are protected by some kind of firewall appliance. But firewall
appliances alone can't address all or even most of today's security issues
and, in fact, often lead to problems.
Uneducated or Apathetic Staff
The biggest problem, by far, is a team of people who are uneducated or
careless with cybersecurity. In fact, it's estimated that up to 90 percent
of cyberattacks are attributable to human error or behavior.
For example:
- Phishing and similar scams. If your employees don't understand the
hallmarks of a phishing scam, they may be willing to give out their login
credentials for free. If they open a malicious attachment on their
computer, they may open the door to a serious security breach. Once a
hacker has access to an account, they can probably gain access to other
areas of your network--and easily.
- Social engineering. Your employees may also be victims of social
engineering; in other words, someone disguising themselves as an authority
who's secretly out to get information. They may receive a call from someone
pretending to be IT support, and voluntarily give away private information.
- Password problems. Your staff may also be inept at creating and changing
passwords. If they choose short passwords or easy-to-guess passwords, they
can be hacked easily. If they leave their passwords recorded in plain
sight, it's even easier. And if they don't change their passwords often,
the vulnerability can persist for years.
The best way to mitigate this risk is to train and educate your staff--even
if it costs extra time and money to do so. Keep them up-to-date with
regular training sessions.
Missing or Lackluster Firewalls
Staff mistakes aren't your only concern. If your computers are connected to
the internet in any way, they could be vulnerable; that's why firewalls
exist to help you control different types of incoming and outgoing traffic.
As a small business, you can invest in a simple firewall to protect you
against the most common threats, but as you scale, the firewall appliances
become more limited; you'll need more processing power and smarter
appliances, which can be a challenge unless you have a dedicated IT team to
help you out.
A Lack of Investment
Some businesses are vulnerable because they aren't willing to spend money
on the tech and people necessary to prevent an attack. They invest in old
devices and old software because it's less expensive, even though upgraded
machines are better protected against attacks.
They trust their instincts rather than hiring an expert, and make poor
infrastructural decisions, or neglect an entire dimension of cybersecurity.
Bad Luck with a Sophisticated Attack
Of course, no matter how much knowledge you have on the world of
cyberattacks or how much you've invested in your own campaign, you could
still get unlucky with a sophisticated attack. The vast majority of attacks
are small and opportunistic, but if you're faced with a large-scale,
brute-force assault, or an especially clever hacker, even the best security
standards will have trouble protecting you.
Fortunately, you don't have to worry much about this level of attack;
they're typically reserved for higher-profile targets, or those with much
to lose (such as a national government).
There are, unfortunately, many ways your business could be vulnerable to a
cyberattack, and even if you account for all of them, there's no way to
reduce your risk of attack to zero; after all, it's always possible that
someone on the inside could sabotage your systems.
Still, if you understand these four main vulnerabilities, and are willing
to spend the time and money to protect against them or compensate for them,
you'll make your business a much more difficult target than your
contemporaries--and you'll be a much less likely target as a result.