Convergence of Global Sustainability Standards Reinforces Importance of ESG InitiativesRead More
October is Cybersecurity Awareness Month. What does that mean for you and your business? According to a recent CNBC article, Cybersecurity issues plague many businesses. In particular, there are grave issues for small business where “43% of cyberattacks are aimed; but only 14% are prepared to defend themselves.” As a result, “these incidents now cost small business $200,000 on average” according to Hiscox insurance, “with 60% of them going out of business within six months of being victimized.” Not surprisingly, “more than half of all small businesses suffered a breach within the last year.”
It is nearly guaranteed that virtually every modern organization's network and systems will eventually be breached. It's no longer a matter of considering if security threats will arise, rather thinking in terms of when. Defense is key. Many organizations cling to a false assurance that firewalls, updated anti-virus software, and user security awareness are “good enough.”
Frankly, there are too many great companies that have significant investments in cybersecurity technology, people, and processes that have been subjected to major cyber attacks or data breaches. How is this possible? Technology, people, and processes are fallible. When technology is misconfigured or a new vulnerability is discovered, threat actors have an opportunity to exploit those vulnerabilities. Employees have a role in defense as the discerning human firewall, but nobody is perfect. Phishing is the single greatest threat to organizations. The onslaught of unsolicited, credible, but malicious emails are opened and links are clicked. It takes seconds for the contamination to occur. Furthermore, good cyber hygiene processes fall short under the volume of patching and maintenance needs competing for already busy IT personnel or highly trained security professionals.
When preventive and protective controls fail, it is important to ascertain if your company has capabilities to detect malicious activity to contain the threat and minimize the impact of the intrusion. According to the 2019 Verizon Data Breach Investigation Report 41,686 security incidents were analyzed, of which 2,013 were confirmed data breaches. One significant takeaway is “the time from the attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes.” However, the time to discover the compromise is more likely to be months – “56% of breaches took months or longer to discover.” Delayed discovery delays response.
In the words of Jim Collins, “good enough is the enemy of best.” What’s best for your company is relative to its risk appetite and budgetary wherewithal. SMBs typically have a low risk appetite coupled with limited budgets and could stand to be better than status quo. With this in mind, we have developed two specific services for SMBs to be better:
Regardless of company size, UHY Consulting has cybersecurity solutions that will help assess cyber risks and improve cybersecurity posture. Are you prepared?