Many executives at small- and medium-sized businesses (SMBs) assume that they are too small to be of interest to hackers, or they rely heavily on their current information technology (IT) department to manage their cybersecurity needs and presume that they are protected. These assumptions result in an increasing trend of SMBs falling victim to cyber-attacks. According to Keeper Security and the Ponemon Institute, 66% of SMBs report experiencing a data breach in the previous 12 months. The average cost of these incidents in the United States, resulting from damage or theft of IT assets and disruption to normal operations, was $4.2 million.
A report from Alliant Cybersecurity stated that the recent transition to a remote work environment due to the COVID-19 pandemic has provided a wealth of opportunities for cybercriminals to exploit SMBs. One in five organizations deployed their employees without a clear policy to mitigate or prevent cybersecurity threats. Traditional IT departments, whether in-house or a managed service provider (MSP), are usually not equipped or trained to provide adequate design and oversight of a complete cybersecurity framework.
The reality is that cybersecurity is a very different business service than IT. IT is about improving and maintaining your business operations. Cybersecurity, on the other hand, is about enterprise risk management. While cybersecurity supports the goals of IT, its main concern is ensuring that employees’, clients’, and proprietary data are not compromised by cybercriminals. It is an ongoing process of implementing protocols to mitigate risk, evaluating potential vulnerabilities, and monitoring access to systems.
Just as companies budget for insurance and invest in physical security, they should also be budgeting for cybersecurity. For SMBs that cannot afford to supplement their IT team with a full-time cybersecurity consultant, a cybersecurity risk assessment can be the first step to identify vulnerabilities and build a roadmap for an ongoing mitigation and prevention plan. Companies that already have a robust cybersecurity framework in place should be conducting annual penetration tests. Note that, regardless of the cybersecurity tools already in place, employees will always be the weakest link. Regular employee cybersecurity training is a must for every company.
The digital landscape is rapidly changing and cybercriminals are quickly adapting. Cybersecurity is no longer just a concern for governments and large companies. Cybersecurity planning and management can quickly overwhelm the skills and training of traditional IT professionals. Without a clear effort to assess, design, and manage a complete cybersecurity program, a cyber-breach is inevitable.
View Cybersecurity: Lessons from the Trenches (recorded November 12, 2020)
In this webinar, Windes and Bryson share real-life cybersecurity case studies. Individuals and companies should invest in learning best practices to avoid falling victim to the same scams and attacks.
For questions about Windes Cybersecurity services, please call 844.4WINDES (844.494.6337) or email us at advisory@windes.com.