


October is Cybersecurity Awareness Month. What does that mean for you and your business? According to a recent CNBC article, cybersecurity issues plague many businesses. In particular, there are grave issues for small businesses, where “43% of cyberattacks are aimed; but only 14% are prepared to defend themselves.” As a result, “these incidents now cost small business $200,000 on average” according to Hiscox insurance, “with 60% of them going out of business within six months of being victimized.” Not surprisingly, “more than half of all small businesses suffered a breach within the last year.”

It is nearly guaranteed that virtually every modern organization's network and systems will eventually be breached. It is no longer a matter of if security threats will arise, but when. Defense is key. Many organizations cling to a false assurance that firewalls, updated anti-virus software, and user security awareness are “good enough.”

Frankly, too many great companies with significant investments in cybersecurity technology, people, and processes have been subjected to major cyber attacks or data breaches. How is this possible? Technology, people, and processes are fallible. When technology is misconfigured or a new vulnerability is discovered, threat actors have an opportunity to exploit the weakness. Employees have a role in defense as the discerning human firewall, but nobody is perfect. Phishing is the single greatest threat to organizations. Amid the onslaught of unsolicited, credible, but malicious emails, messages are opened and links are clicked. It takes seconds for the contamination to occur. Furthermore, good cyber hygiene processes fall short under the volume of patching and maintenance needs competing for the time of already busy IT personnel or highly trained security professionals.

When preventive and protective controls fail, it is important to ascertain whether your company can detect malicious activity in order to contain the threat and minimize the impact of the intrusion. According to the 2019 Verizon Data Breach Investigation Report, 41,686 security incidents were analyzed, of which 2,013 were confirmed data breaches. One significant takeaway is “the time from the attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes.” However, the time to discover the compromise is more likely to be months: “56% of breaches took months or longer to discover.” Delayed discovery delays response.

In the words of Jim Collins, “good enough is the enemy of best.” What’s best for your company is relative to its risk appetite and budgetary wherewithal. SMBs typically have a low risk appetite coupled with limited budgets and could stand to be better than the status quo. With this in mind, we have developed two specific services to help SMBs be better:

  • Malicious Activity Assessment – a non-intrusive, diagnostic service to monitor your network and computing devices for malicious activity that has overcome preventive controls and has not yet been detected, for example, intruders lurking in your network and reading your email or exfiltrating data. This service allows a 24 x 7 team of security operations personnel to review network traffic and alert on unusual activity that should be investigated. Our team escalates our discoveries to your point of contact to warn of potential incidents and recommend responses to disrupt or contain the threat.
  • Rapid Response – an incident response service dispatched to your company to assist in disrupting and containing damaging cyber attacks, for example, a ransomware attack or a business email compromise that tricked your staff into urgently paying fictitious invoices or wiring money to the wrong account. This service works in cooperation with your point of contact to navigate the cyber incident(s) and collect forensic data to assist law enforcement, support insurance claims, and remedy root-cause issues.

Regardless of company size, UHY Consulting has cybersecurity solutions that will help assess cyber risks and improve cybersecurity posture. Are you prepared?
