This is the third segment of a four-part series devoted to helping small businesses understand cybersecurity and some of the steps that they can take to protect themselves. Small businesses are more susceptible to cybercrime simply due to the nature of the beast. Owners are embedded in the operations and success of the business and typically don’t have the additional staff to monitor and control potential breaches. It is for this very reason that cybercriminals focus their devious activities on small businesses, and by knowing their methods and what to look out for, you can participate in your own security protection.
Smallbiztrends.com published the following information and every small business owner should read and take heed:
Overall Statistics for Cyber Security for Small Businesses:
- Of all cyberattacks, 43% target small businesses.
- Small businesses are very vulnerable to cybercrime and these attacks are highly effective. Only 14% of small businesses indicate that they have any ability to reduce or stave off cyber risks.
- Losses after a cyberattack are both reputational and financial, and 60% of small businesses go out of business within six months of an attack.
- Data system breaches due to acts of malicious intent account for 48%, with system failure or human error accounting for the rest.
- Small business owners who are concerned about the security of their data rate their concerns as follows: 66% for customer records, 49% for intellectual property, 46% for customer debit or credit card information, 26% for financial information, 8% for employee records, 5% for business correspondence and 1% for ‘other’.
Small businesses are not only at high risk but many have already been attacked:
- In the twelve-month period from May 2015 to May 2016, 55% of small businesses indicated that their companies experienced some form of cyberattack.
- In the same period, 50% stated that the data breaches involved employee or customer information.
- The cost of post-breach conditions can be devastating, as the average expenditure due to cybercrime damage or theft of IT assets was $879,582 and disruption of operations added a further $955,429.
Cyberattacks on small businesses can be divided into the following types:
- 49% web-based attack.
- 43% social-engineering or phishing.
- 35% general malware.
- 26% SQL injection.
- 25% stolen or compromised devices.
- 21% denial of service.
- 14% zero day or advanced malware.
- 13% malicious insider.
- 11% cross-site scripting.
- 2% ransomware.
- 1% ‘other’.
The main causes for a system breach or attack in the small business arena include:
- 48% negligent contractor or employee
- 41% third party mistakes
- 35% error in operating process or system
- 32% unsure
- 27% external hacker attack
- 5% malicious insider
- 2% ‘other’
The Disconnect Can Destroy Your Business
Although 58% of small business owners have expressed concern about cyberattacks, only 51% have set aside any budget to accommodate risk mitigation. There is also a ‘disconnect’, as many simply don’t feel that they have any valuable data that a cybercriminal would be interested in. However, a majority do store customer information that is of value to criminals, including:
- 68% have email addresses
- 64% have phone numbers
- 54% have billing addresses.
Lack of security attention could be disastrous
Small businesses are incredibly busy, but the fact that so few are paying attention to their security issues makes them easy targets for cybercrime. They report that:
- Only 38% have any form of regular software upgrade solution.
- Only 31% bother to monitor the credit reports for their business.
- Only 22% have databases that are encrypted.
- 65% don’t enforce any company password policy, if they have one at all.
- 16% admitted that they reviewed their security situation only after they had been attacked.
- 75% have absolutely no cyber risk insurance.
Da Vinci Forensics is the frontline defense in advising, counselling and working with your small business to ensure that you have the highest level of protection. Our goal is to bring a level of expertise in risk analysis, software and hardware recommendations and coordinating training with all staff so that you can have a successful company knowing that your security is being monitored.
DaVinci Forensics Team