Data Breaches and Cybersecurity
Sometimes clients know why they might be targets.
Banks, for example, were targets long before they went digital. However, many small companies wonder why they would be a target for hackers.
In an interview with Sue Marquette Poremba of IT Business Edge, James Strickland, CEO of Veridium, gives us “Four Reasons Why Data Breaches Continue”:
- Hackers target large corporations and individuals alike
- Passwords are broken
- Digital property is increasingly becoming popular
- Hacking evolves faster than security
There is a lot of truth here, but more fundamentally:
- Someone is always trying something to get an edge
- Hackers try everything on everyone all the time
- The weakest link will always be the one to break
Many managers and business owners believe “I’m too small to target”; hence Strickland’s warning that hackers target large corporations and individuals alike.
Yes, hackers target banks and Fortune 500 companies all the time. However, it may be useful for us to shift perspective and recognize that a lot of malware simply isn’t targeted at any specific entity; it is targeted at a specific weakness.
How “Break-Ins” Occur
Most malware is launched by automation, and it simply attacks any reachable system that has the weakness it exploits. Automated bots scour the internet for open ports and IP addresses that are vulnerable.
Ransomware is fired off against purchased email lists, and invades the network as soon as someone clicks on the infected links or files.
It’s not personal. It is the modern-day equivalent of a burglar walking down the street and checking every door to see if it is locked. Guess what happens if you forgot to lock the door that day…
Operating system patches are the new locks, and antivirus software becomes the new security guard for your computer system. But that doesn’t mean you can simply ignore older styles of attacks – some new hacker, somewhere, is just learning to master the old attacks.
Ransomware, for example, has been popular for over a decade, according to Ryan Francis’s “The History of Ransomware” in CSO magazine. It only gained prominence in the past few years, when combining it with a technology that had been quiet for years, the worm, made attacks possible on a massive scale.
Doors Unlocked and Open
We all know the big-name companies that made the news, but most attacks are not big enough to warrant news coverage, and that silence lulls small business owners into a false sense of security.
As reported by Dawn Kawamoto of Dark Reading, an Intermedia report revealed that “a whopping 59% of employees who have sustained a ransomware attack at work personally paid the extortion money… the average ransom paid was approximately $1,400.”
Employees are embarrassed and often try to hide their shame. But if no one tells IT about the attack, the organization still has an open door!
In a seemingly never-ending cycle, security vendors try to lock down vectors of attack and hackers try to develop new ones or break existing security.
The next big vulnerability will be the one no security vendor was able to predict – but that doesn’t mean you need to be a victim.
Improving Your Cybersecurity
Here are 4 cybersecurity tips for the mildly paranoid (plus 3 for the truly anxious):
- Always assume there is a vulnerability – you are never 100% safe
- Train employees in cybersecurity principles
- Keep up the basics of security hygiene (updates, firewalls, anti-malware)
- Work with your internal teams and external experts (such as Ideal Integrations and Blue Bastion) to develop multiple layers of defense to delay or reduce malware and hacker damage. Should a hardware store have the same protection as an international bank? No. Add protection in proportion to the value of what you need to protect and where you need to protect it. Protection can also offer other benefits (compliance, personal information protection, full segregation of work and personal information, etc.).
- Keep a backup of all your data
- Monitor the network continuously to identify rogue devices and secure your network with multiple layers of protection (Ask us about our Managed Detection and Response service).
No matter the size of your business, hackers are working overtime to find a way in. Not to be too paranoid, but the vulnerabilities you missed will be the ones where you get hit… Let us help you check your network’s doors and windows.
The Right Support
Are you concerned about a cyber security breach? Do you have an incident response plan in place?
On average, it takes over 190 days to identify a data breach, and another 69 days to contain it.
Companies that contained a breach in 30 days or less saved over $1 million, compared to those that took over 30 days to resolve the issue.
It takes the right plan with the right team to keep your business safe and secure. When it comes to small businesses and cyber security – we’ve got you covered. Whether you have five employees or 500, we’re by your side.