(Editor’s note: This is the seventh installment of a monthly column on the growing number of cyberthreats facing businesses of all sizes and what they can do about it. See previous installments here.)
With the possibility of a recession looming on the horizon, small- and medium-sized businesses are likely planning strategies on how they will navigate the negative effects a poor economic outlook might bring about.
As part of those strategies, many businesses may be looking to reduce spending, and my fear is that cybersecurity investments might be an area singled out for cuts.
In our modern hyper-connected world, organizations of all sizes depend on technology to operate. We communicate with clients, manage employees, collect information, sell, market, and provide your goods and services to customers. Any threats to these systems and data present significant risks to the long-term resilience of a business. We are challenged with an ever-advancing threat landscape that is getting more difficult to protect. Like all businesses, small- and medium-sized ones must invest in cybersecurity and make it fundamental to their strategies.
There is no denying that cybersecurity is critical for all businesses, but small and medium-sized companies are especially vulnerable. The National Cybersecurity Alliance recently released data that showed 43% of cyberattacks target small and medium-sized businesses and that number is steadily rising.
Why? Because cyber threat actors are opportunistic. While some are driven by malicious intent, simply looking to disrupt your business, others may be affiliated with nation-state organizations working for foreign governments targeting you for political gain. But the biggest threat most businesses face is attackers driven by money. No matter their intentions, they all achieve their missions in a similar fashion: by disrupting your business and stealing your data. In the end, it’s not the size of your business that makes it valuable to criminals, it’s how vulnerable you are.
Small and medium-sized businesses are at higher risk because there are fewer resources that can be dedicated to managing risk, or they may not have the right expertise on staff. Only half of small and midsize businesses have even the beginnings of a cybersecurity plan in place. Now marry that with recent data that shows that over the last 12 months 42% of small businesses were severely impacted by a cyberattack. These are staggering figures.
Threat actors may not even consider your business the end goal. These cybercriminals could be using your organization as a conduit to attack your clients.
The consequences of a successful cyberattack on a small and medium-sized business can be devastating. Reports from the U.S. Small Business Administration say 60% of small businesses that fall victim to a cyberattack end up going out of business within six months. We also know that the financial pressure of a breach can be overwhelming. I have seen accounts of the costs of a data breach for a small business range between $100,000 to $1.24 million. And these figures do not include medium-sized businesses.
Cybercriminals are getting more sophisticated every day. We are in the midst of a cyber war that is shocking our economy. Every organization is in the crosshairs. Cybercriminals can be part of syndicates of organized crime. They operate in black markets selling tools, ransomware, access to your systems and your data. These criminals can hold your systems and data hostage and will blackmail your organization.
We always hear economists say that small and medium-sized businesses are the backbone of our economy. For that same reason, they are a high-value target for cybercriminals. By taking proactive steps to become a more resilient organization, the owners of these businesses can be more confident that they are mitigating modern crime risks.
Remember that the financial burden of a cybersecurity breach will always be much greater than the preventative investment of stopping one.
Next month: The cybersecurity skills gap and how organizations can overcome that challenge.
(Jason Albuquerque is the chief operating officer of Pawtucket-based Envision Technology Advisors LLC. You can reach him through www.envisionsuccess.net.)
