Sean McGrath, privacy expert and cybersecurity advocate at BestVPN.com
The cybersecurity breaches that make the headlines tend to focus on household names – the likes of Uber, Equifax, HBO, Facebook and friends. But these global players are only the tip of the iceberg. The fact is, the majority of cybercrime is directed towards individuals within small and medium businesses. Recent estimates suggest that almost half of all cyberattacks are directed exclusively at small businesses.
While the velocity and volume of attacks increase exponentially each year, the true cost of a significant data breach is consistently high. According to Ponemon Institute’s recent study for IBM, the average cost of a data breach in 2018 for companies worldwide was $3.86 million. In the US, the figure was closer to $8 million and it took an average of 196 days to identify a breach. These figures are, of course, skewed by enterprise organizations, but the real-world fallout for SMBs is just as dire.
In 2015, Dr. Jane LeClair, chief operating officer at the National Cybersecurity Institute at Excelsior College, claimed that more than half of all small businesses that suffer a significant cyberattack will go out of business within six months as a result. As well as the direct financial loss, the damage to reputation is often simply insurmountable for small businesses and startups.
And as ever more assets become digitized, the attack surface for malicious actors grows exponentially. It is estimated that more than 80% of the value of Fortune 500 firms is tied up in intellectual property (IP) and other intangibles. The risk for organizations is great, the opportunity for criminals is vast and, as painful as it is to admit, the bad guys are winning.
An IT-literate workforce will introduce new threats and SMBs will need to adopt enterprise-grade cyber-security policies to mitigate them
It seems cliché to say these days, but the biggest risk to businesses of all sizes remains their employees. You can secure endpoints, encrypt data at rest and in transit and put up firewalls until the cows come home – all it takes is one employee to bypass the protocols and processes and it’s game over.
The consumerization of IT is a very real phenomenon that we have witnessed over the past decade. We use technology on a minute-by-minute basis. It is sewn into the fabric of our daily lives. Even our children seem to be born with an inherent understanding of how to interact with an iPad.
While these are fascinating times for the technologists amongst us, the consumerization of IT presents a credible threat to organizations of all sizes. Business users now expect the same intuitive experience and functionality that they have become accustomed to. And if they don’t get it… well, they just use their own tools and solutions.
In 2019, SMBs will likely need to adopt similar policies and solutions to those being rolled out by larger enterprises if they are to combat shadow IT. This will include the likes of Bring Your Own Device (BYOD) policies and off-the-shelf mobile device management (MDM) solutions. There will also be a growing appetite for enterprise cloud app stores, with a range of vetted and sanctioned SaaS solutions available for line-of-business users.
Encryption will grow in importance
To date, many small organizations have a rather gung-ho approach to data management and aren’t fully aware of what is coming in and what is going out of the business. With the points of attack growing exponentially, 2019 will see a need for SMBs to focus their efforts on robust encryption practices, for both data in transit and data at rest.
Ensuring data is fully protected starts with the identification of data that the organization processes, stores and transmits. In the European Union (and for any US companies with customers in the EU) this should have already been done in order to ensure compliance with the pan-European data protection legislation (GDPR). Once an organization understands how and what it stores/processes/transmits, it becomes possible to determine the level of encryption protection required and what solutions to use.
The mobile threat will grow
Malware campaigns have targeted mobile users since the dawn of the app store. The Google Play store in particular is under siege. There were 30,000 more fake apps in the Google Play store in 2018 than there were the year before and this figure is only set to increase in 2019. Meanwhile, mobile banking malware nearly doubled in 2018 while mobile ransomware surged 415%.
A recent Check Point study claimed that every single organization is under some form of mobile attack. The research demonstrated that all businesses across all regions and industries, on both Android and iOS platforms, were facing persistent threats.
With mobile malware authors looking for new ways to monetize their efforts, and the rise of app-based banking, 2019 will likely see ransomware attacks on mobile platforms increase further.
In order to combat these threats, SMBs will have to take an entirely more holistic approach to managing their mobile estate, taking into account mobile device management, mobile application management and device-level antivirus solutions.
About the Author
Sean McGrath is a privacy expert and cybersecurity advocate at BestVPN.com, a security service comparison platform in the U.K. Not only does BestVPN.com review and compare VPN services to help all users of technology choose the best services to enhance their internet privacy and security, but the company also educates users on the best ways to stay safe online, with guides for everyone from novices to technical experts, provides up-to-the-minute news on cybersecurity and online privacy matters, and supports efforts to educate people on the latest related legal developments.