Think hackers aren’t targeting your small business? Think again.
The fallout from the massive data breach of controversial website Ashley Madison probably still hasn’t hit rock bottom.
The names and email addresses, as well as more sensitive information, of about 37 million Ashley Madison customers were exposed after malicious hackers published the information on a dark web forum. The consequences of the Ashley Madison breach are potentially devastating for Ashley Madison’s clientele, and the company is facing serious fallout as well, including class-action lawsuits and incalculable damage to its brand.
Leaders at many small and mid-sized businesses (SMBs) might be thinking, “I don’t need to worry about a data breach — no one is interested in attacking my business.”
I have bad news for SMB leaders who think that way– you’re wrong. Too often, SMBs don’t have the necessary protection from common security threats, which makes them low-hanging fruit for cybercriminals.
The Threat is real, but SMBs can’t react
In 2015, 74 percent of small businesses experienced a security breach. According to the U.S. Department of Homeland Security, cybercriminals go after small businesses’ bank accounts more than any other sector. SMBs are frequently targeted by cybercrooks using sophisticated but known tricks like phishing and fake invoices with the hope of scamming these businesses out of millions of dollars.
The costs of these security incidents can be staggering. A recent study from the Centre for Economics and Business Research (CEBR) found that data breaches cost UK businesses £34 billion a year, both from lost revenue (£18 billion) and added security measures after breaches occurred (£16 billion).
It’s the same all over the world. According to a 2015 Ponemon Institute study commissioned by IBM, the global average cost of a data breach has reached $3.8 million – $154 for every compromised record. It’s significantly higher in the U.S. and Germany, where the costs are $217 and $211 per compromised record, respectively.
But how do SMBs react? Although more than 95 percent of businesses are considered small or medium-sized, almost all security solutions are designed for enterprise businesses with large IT departments and big budgets. Many of these security products are just too complex and costly for a resource-strapped SMB.
To protect themselves, many SMBs use a patchwork of multiple products that defeat separate elements of the threat. But these are often improperly managed because these small businesses don’t have the time or expertise to create a proper web of protection. The result is a disjointed and ineffective security network that puts IT managers and security budgets under even tighter scrutiny.
Creating smarter, not fragmented, protection
Instead of layering the newest threat protection onto a patchwork of security programs, IT should think about a system of joined-up security. To stop complex threats, organizations need security products that work together as a system to protect the end user and corporate data.
These joint security solutions stand up to threats by evolving, integrating new protection technologies into existing agents and consoles, and sharing threat intelligence and policies across different points of protection. Because security breaches are often the result of simple oversights that cybercriminals exploit, a smart security framework is integrated, coordinated, and context-aware. And as we have noted, this is especially critical for SMB organizations that typically lack dedicated IT security personnel.
Ultimately, an integrated IT security framework will reduce costs and improve security at the same time, simply by requiring fewer products to procure, deploy, manage, and maintain.
Security: It’s more than just services
It’s not enough to have the right security products in place. Organizations also need education and training to help employees understand the simple steps they can take to secure themselves and the business as a whole. Educating your employees about better passwords and how to identify scams are two simple steps organizations can take to beef up their security.
The threat of hacks and malware attacks is forcing IT staffs to think and act in a more synchronized way. Joined-up security frameworks do exactly that, creating a smart security network that can push out protections and policies to all access points, and easily integrate improvements into the system. With smart investment in the education of staff and products that work better together, small and medium-sized businesses reduce the risk of breaches without excessive costs.
Chris Weeds is the Director of Product Marketing for the Network Security Group at Sophos. He is responsible for delivering product positioning, messaging and marketing strategy, worldwide sales and channel enablement, awareness and demand generation programs for the company’s Next-Genertion Firewall, UTM, Web and Email products and services. Chris has been with Sophos for 14 years.