Most Small Businesses Pay The Ransom

Are you willing to pay the piper when it comes to cyberattacks?

Despite the growing number of cyberattacks on small- and medium-sized businesses, there is still a lack of awareness or proactive defense of the networks, computer systems, applications and devices being used. This inattention means it’s even easier for criminals to attack your business by worming their way into your data, stealing it and threatening to expose it. Other cyberattacks target the business itself, making systems and websites inoperable, costing businesses millions in the process.

Freeing the data or access often means paying a ransom, usually in the form of Bitcoin or some other cryptocurrency that’s impossible to trace.

How Much of an Issue is Cybercrime?

When it comes to cyberattacks on small businesses, the reality is, if you haven’t already been attacked, you will be. What matters is that you have the security protocols in place to make sure your business withstands these attacks and is not victimized by intruders looking to do harm.

The scope of cyberattacks, especially on SMBs, is staggering.

According to the 2018 HISCOX Small Business Cyber Risk Report, almost half (47 percent) of small businesses suffered a cyberattack in the previous year. Of those attacked businesses, 44 percent encountered a second, third or fourth attack. Eight percent had five or more attacks.

Yet the report shows a paradox. Business executives surveyed identified cyberattacks as one of their top two concerns, along with fraud. Sixty-six percent said they were concerned or very concerned about cyberattacks.

However, among those executives, the majority haven’t taken even basic steps to protect their businesses.

What Does a Cyberattack Mean to My Business?

If you do not invest in cybersecurity measures, you are a sitting duck. That means you’ll have to pay a ransom when your business is attacked. You will incur costs as well, including steps to identify and eradicate the intrusion, notify customers and regulators and pay for deep web monitoring or credit monitoring.

What is that financial cost? According to HISCOX, it’s $34,600 for small businesses. The 2018 Cost of a Data Breach Study: Global Overview conducted by the Ponemon Institute shows that among SMBs and enterprises, the worldwide average total cost is $3.86 million. The costs are increasing each year, too.

The Ponemon study shows some of the other inherent threats and disruptions a data breach can bring upon your business. Among key factors influencing the cost of a data breach, according to the study, are:

• The unanticipated loss of customers after a data breach is reported. Organizations that have established institutional trust and offer identity protection to victims are more successful in retaining customers.
• The scope of the breach and the number of records lost or stolen. Ponemon calculates the per-record cost at $148.
• Time. The longer it takes to discover the data breach and contain it, the more costly it is to the affected business.
• Scope of remediation. When an attack is discovered, your business is going to incur expenses it didn’t plan for, including for independent investigators, forensic analysis, auditing services, crisis PR management and continuing brand and reputation repair initiatives.
• Service needs. These included the demands for help desk services, marketing and communication, distribution of new account information or credit cards, legal costs, regulatory investigations and fines, product and service discounts to retain customers and increased insurance premiums.

The costs, both real and impressionistic, can cripple a small business that does not have the resources to recover from a cyberattack.

What Should Our Business Do To Protect Itself?

Protection begins with a thorough assessment of your systems and procedures to determine where there are vulnerabilities that need to be addressed. Working with a qualified managed service provider, you can understand where the exposures are and plan to fix them.

Your managed service provider will want to look at several components, including:

• Network security that’s based in next-generation firewalls to identify and contain unwanted activity
• Automated solutions to update anti-malware applications and install updates and patches
• Policies regarding access, password protocols and authentication

With the proper security in place, you can avoid paying a ransom and putting your business at risk.

Author: Joe Martin, Date: 2019-05-16