In just the first six months of 2017, there were nearly 918 data breaches around the world. As those numbers continue to rise in 2018, cyber attacks represent a massive threat to businesses everywhere. Though the typical assumption for these sort of threats is that only big companies need to worry, we’ve quickly learned that is not the case, with 43% of cyber attackers now targeting small businesses, What these findings demonstrate is that cyber attackers do not discriminate–if you possess any sort of valuable information there is a plausible chance it could come under attack. To best prepare your business for fending off these threats, we’re breaking down the similarities and differences between large and small business cyber attacks. What’s putting them at risk, what are their strengths and weaknesses, and how you can help stop future breaches.
The past year has been eye-opening for cybersecurity faults in large corporations. Between the Equifax and Yahoo data breaches, leaked government tools, and the exposure of voter records, the vulnerability of our personal information has been alarmingly displayed. However, these disastrous attacks created the necessary dialogue about how large businesses are put at risk and how to defend them.
The obvious reasoning behind large-scale cyber attacks comes from the highly-valued intellectual property maintained by major businesses like Equifax. As cloud security advocate and CEO of Oracle Mark Hurd stated, Equifax was the absolute perfect target for a hack because of its size and the “treasure trove of information” it had on file. The bigger the company, the bigger the data pool, such as customer contacts, credit card info, and health data. This sort of information values at thousands of dollars on the black market where criminals are selling the stolen data. For instance, a thief can sell 10 Medicare numbers and profit around $4700 online.
And when the goal is to gather as many people’s information as possible, these large corporations are a goldmine.
Another reason we’re seeing more and more attacks is growing reliance on internet storage and transactions. According to Mark Nunnikhoven, VP of cloud research at Trend Micro, as we do more and more of our business online, criminals are realizing the value of the data that organizations are protecting, which in turn is resulting in an increase of high-profile breaches.
Considering cyberattacks on large businesses are expected to increase rather than decrease, the question we’re struggling to answer is: what is putting us at risk and how can we stop it? Well, one reason we’ll explore is a bit of a double-edged sword. With big businesses come big budgets, and the majority of those resources are used for updating and maintaining existing software. In theory, this is great practice–it makes sense to want the most up-to-date and effective software in place to secure your company information. However, in between these updates is a lag time of extreme vulnerability. On average companies take 100-120 days to patch vulnerabilities, if they do at all. Attackers are hyper-aware of these security holes and as we learned from WannaCry, failing to properly patch can have devastating results.
Larger companies also have numerous strengths in defending against cyber attacks. When not compromised, the large budget available to large companies is crucial in implementing the very best cyber-security solutions. The cloud is a better option that will handle security while reducing the need for on-site servers, which in turn eliminates requirements for full IT support team. Software companies not only have top of the line security requirements in place, they continue to update their product for ongoing improvements to protect businesses.
As mentioned earlier, the general assumption for cyber attacks is that they only happen to large corporations and companies with giant data pools. What’s come to light over the past several years, however, is that small and mid-sized businesses are becoming more attractive targets. Small businesses, for the most part, are not as technologically equipped as their larger counterparts, yet they contain the same sort of valuable information attackers seek. Not only do small businesses generally store financial and personal data that can be used for fraud or identity theft, in many cases, they supply larger enterprises with goods and services that can be used to gain access. Secondly, without the budget or resources for up-to-date security measures or education, employees lack risk awareness and attackers are more likely to sneak in without ever getting caught.
What these small businesses risk by not staying up-to-date with security software, properly employee training, and other shortcomings, is opening themselves up to automated brute force attacks. Small and mid-size businesses generally choose their own security policies; in the case of easily remembered passwords, while these can be convenient for employees, they make it easier for attackers to gain access through common login credential dictionaries.
There is no one size fits all solution for cybersecurity. Applying a set of best practices that worked for another company in hopes it will work for you too is unrealistic. There will always be threats coming from different angles in search of various information. The best we can do is stay aware and implement precautions best suited for specific company needs. To figure out what exactly “best practices” means for you, it’s recommended to start by running a security risk assessment. Regardless of size, it’s crucial to have your assets prioritized and a company-wide understanding of what your confidential policies are. Educating employees on what company passwords should include, warning signs to look out for, and social media sites and applications that should be avoided when on company WiFi are all simple tasks that can make a world of difference. On a higher level, migrating your IT to the cloud and dividing your hard drives between personal and production can decrease your vulnerability.
As technology continues to improve, the capabilities of cyber attackers will as well. It’s important for businesses of all sizes to stay vigilant and always account for the worst possible scenario. It’s troubling to admit, but in our hyper-connected world, no one is totally safe from the threat of a cyber attack. Working to improve with even the most basic security tips now will save you a lot of stress later.
Brian Thomas is a contributor to Enlightened Digital, long-distance cyclist, and lifelong advocate for women in business from Philadelphia. Tech and business are his lifeblood, but he’s also a fanatic of brewpubs and just about every sports team in Philadelphia.