Cyber-attacks are at an all-time high, and no one is safe. Instances of cyber-crime such as data theft, cyber-espionage and DDoS attacks are now daily occurrences. Considering the spate of high-profile attacks over the last two years, which have included corporate giants such as Sony and government big-wigs such as NASA, it is only a matter of time before a determined hacker can breach any network. The U.S. Cyber Command estimates about 42,000,000 cyber-attacks or probes by hackers every week. Antivirus firm Symantec estimates the direct cost of such attacks at $338 billion a year, excluding the theft of intellectual property and damage from data breaches. The combined loss mounts to well over $1 trillion when factoring in theft of intellectual property.
Impact on Small Business
Small businesses may not face the same magnitude of threats that a large and visible corporation faces, but they are by no means immune to cyber-threats. Moreover, even if the magnitude of the attack is smaller, the effects can be devastating. Security major Symantec estimates that cyber-attacks cost small and medium-size businesses $188,242 on average, and that two out of every three victims in this category cannot recover from such attacks and are forced out of business within six months of the attack.
The range of cyber-threats faced by small businesses includes:
Security major Symantec and the National Cyber Security Alliance (NCSA) estimate that 71 percent of small businesses are dependent on the internet for daily operations. Yet 83 percent of them have no formal cyber security plan, and 69 percent of them lack even an informal one. One out of every two small businesses believes that data hacks are isolated incidents that will not impact them.
Protecting against cyber-risks takes many forms. The most common ones are:
Apart from the required combination of one or more security deployments, businesses also need to:
There is no one-size-fits-all approach to cyber-security. A multi-layered approach to security is better than depending wholly on any single security solution, but organizations need to conduct a thorough risk assessment to identify the weaknesses and specific threats that they face, and deploy the security measures that would best protect against such threats.
The Right Approach
Cyber-security is dynamic and continuously evolving. It is not enough for the organization to conduct a risk assessment and invest in the most appropriate defenses. Cyber-criminals always refine their modus operandi to remain one up on security. Cyber-security is an ongoing task, and the most effective security requires regular patch updates, periodic security audits, and frequent reassessment of the security deployments in place to ensure that they align with the business practices.
A case in point is the rise in mobile viruses. Cyber-criminals are now increasingly targeting mobile devices, especially as the busy executive, on the move, logs in from a public or unsecured Wi-Fi network. Symantec estimates a 58 percent increase in mobile malware from 2011 to 2012, and one out of every three mobile viruses aims to steal information. Unless the cyber-security policy recognizes such a threat, the heavy investment in protecting in-house systems becomes worthless.
Cyber-security makes good business sense. A cyber-attack, even if it leaves the organization’s infrastructure unscathed, can cause severe erosion of reputation, which would do medium- to long-term damage. Most people prefer doing business with a company known for its good security practices, with the confidence that their data and systems will remain safe.