The first 2021 breach reports are being released, and although news across the board is not encouraging, small and medium-sized business (SMB) owners should be especially concerned. Verizon’s 2021 Data Breach Investigations Report sums up the situation in grim detail. Of the 5,258 confirmed data breaches Verizon’s analysis identified in 2020, more than 1,000 of the confirmed incidents were within SMBs.
Furthermore, 263 of these incidents had confirmed data disclosure, as compared with 307 incidents among larger firms. These figures are alarming, as they show SMBs are reaching parity with their much larger brethren regarding data disclosure. In the 2020 report, confirmed disclosures among SMBs were fewer than half the number experienced by large organizations.
Why are attackers targeting smaller firms, which logically will have fewer resources to steal? The answer is access, plain and simple. SMBs are less likely to have strong cybersecurity protections in place, and attackers know this. A study conducted in 2020 found that a third of SMBs are using free, consumer-grade cybersecurity tools and a fifth of them have no endpoint security, at all.
Additionally, hackers recognize that SMBs may have vendor or client relationships with larger entities. That makes them likely either to house the confidential data of larger organizations or to be connected to them via a network. No one knows this better than the U.S. government, which experienced an array of attacks after cybercriminals gained entry through a vulnerability in a vendor’s system.
To put it simply, SMBs are lucrative targets, whether directly or as an entry point. The question then becomes, what should SMB owners do about it? The short answer is to develop a plan and get protection, now. Not only do SMBs need a strong cybersecurity defense; they should also be able to restore their data in the event an attacker gets through. Cybercriminals almost always attempt to lock down company resources and demand ransom. Most succeed.
As the U.S. Cybersecurity and Infrastructure Security Agency (CISA) notes, “Ransomware has rapidly emerged as the most visible cybersecurity risk playing out across our nation’s networks.” No company or entity is immune to attack. Protections we recommend include:
- Backup data, system images, and configurations frequently and ensure they are redundant.
- Update and patch systems frequently.
- Deploy strong cybersecurity and keep it up to date.
- Educate your personnel to make smart choices (85% of breaches involve a human element).
- Keep tabs on ransomware events and apply the lessons other companies learn.
If this sounds like a lot of effort, that’s because it is. Shrewd business leaders recognize this and turn to Novatech. We have done the hard work of developing a 15-point cybersecurity program that helps business leaders cover all these bases, and more. We also have cybersecurity experts on staff.
Global ransomware damage costs are predicted to reach $20 billion by 2021 (57 times higher than in 2015), with a business being attacked every 11 seconds. Furthermore, the average cost of ransomware remediation is now approaching $2 million — 10 times the average cost of the ransom itself. It’s no wonder some companies are giving in and paying ransom.
Rather than resigning yourself to that possible outcome, we have a better idea — work with us to extricate your firm from the high-risk category. To learn more, call 800-265-0637 or start a live chat with one of our experts at https://novatech.net/contact-us/.