Cyber Security Threats Facing Businesses
In 2017, cyber-attacks cost small and medium-sized businesses an average of $2,235,000. Businesses of all sizes, in all industries face a growing range of cyber security threats. 60% of businesses say attacks are becoming more severe and more sophisticated. Companies must understand the barrage of threats coming from attackers to implement a comprehensive security plan that addresses their vulnerabilities.
Pressing concerns for small to large businesses include:
POS intrusions – While data mining from POS terminals has decreased in recent years, it’s still an area of concern.
Employee error – According to the Ponemon Institute, employee error is the top cause of data breaches. Of those who say their organization had a data breach last year, 54% say negligent employees were the root cause. 92.4% of malware is delivered via email. Until better training is implemented in workplaces, accidental employee error will contribute significantly to enterprise vulnerability.
Insider threat – While many employees who contribute to data breaches do so completely unaware, rogue employees with intent to steal data are a growing cyber threat.
Web app attacks – Malware, phishing, and stolen access credentials allow hackers to gain access to business assets via web app attack. The most prevalent attacks against smaller businesses are phishing/social engineering and web-based.
Internet of Things devices – Connected devices (from fitness trackers to automated access control systems) are projected to be a major gateway for data breaches in the coming years. Enterprises who want full protection must ensure connected IoT devices are covered by their cyber security plan.
Device loss and theft – From an employee losing a smartphone to a thief stealing a tablet, device loss and theft play a role in data breaches.
DDoS attacks – DDoS (distributed denial of service) attacks can shut down business websites for extortion.
How to Fully Protect Your Business From Cyber Threats
There is a huge gap between awareness and preparedness for cyber threats, with companies of all sizes playing catch-up to find and fix vulnerabilities. Understanding the range of threats is a first step to protecting your business from cyber threats.
Once you know what you’re up against, perform a thorough assessment of your networked security system to identify areas where you are protected and where you remain vulnerable. Look at all your businesses processes and the technologies, applications, and data that directly support these. The device most often compromised by ransomware is a desktop/laptop. Which applications are mission-critical to every department?
After you know what is absolutely essential to protect, dig into the hardware that supports these applications and the infrastructure that links everything. Map the devices that use your network, including employee laptops or smartphones. Each device on the network could introduce risk. Now you know what you need to protect in terms of infrastructure and devices.
Identify which controls are already in place protecting the infrastructure and note what’s not protected. These are your vulnerabilities.
Next, find ways to reduce vulnerabilities. Applying patches to software, protecting access control gates with internal firewalls, and updating legacy software to newer versions are examples of steps you can take to protect vulnerable data.
Communication is Key
In a time of crisis, a difficult but important challenge is providing information and instructions to all who need them. Which is why communications should be an integral part of your plan, beginning internally and extending outward to your key stakeholders, including everyone from your customers to law enforcement.
As with the plan itself, your communication system must be at-the-ready, easily available to all stakeholders, and optimized for delivery—a particular challenge when computer systems are down and given the variety of ways people receive and share information today. A streamlined yet multichannel approach is essential for everything from getting ahead of the story with the press to helping your customers gain access to the information they need to weather the storm.
One of the easiest ways to ensure rapid and consistent communication is through the use of a mass notification service like One Call Now. With the ability to send messages through text and phone in addition to email, you increase the chances of message delivery significantly in the event of a network failure. Additionally, it’s a cloud-based service so your contact information is accessible even if your internal systems are down. By integrating it with your contact database, you also ensure that your contact information is always up-to-date.
The reality of the matter is that cyber-attacks are not only happening, but sooner or later—and more likely sooner than later—one is going to happen to you. The takeaway for forward-thinking organizations? If you don’t yet have a cyber-attack response plan in place, or if you aren’t regularly revisiting your existing plan, the time to do so is now.