Facebook, Under Armour, Panera—when people think of data breaches, it is the largest companies that tend to stand out in the lasting public awareness. Although these brands experienced historic levels of data corruption and loss, their prominence tends to overshadow the bulk of cybercriminal activity which, more often than not, focuses on small and medium sized businesses (SMBs). This takes place for any number of reasons—SMBs may feel immune to cybercriminals and do not take necessary technical precautions. Others lack a designated in-house or outsourced IT department. Whatever the scenario, Cisco's year-in-review demonstrates just how dangerous this sense of immunity continues to be for SMBs.
In their report, Cisco outlined breach rates for both SMBs (< 250 employees) and mid-market businesses (250 - 499 employees). In 2017, 59% of mid-market companies experienced a data breach. For those businesses affected:
- 29% reported costs of less than $100,000
- 20% assessed financial damage between $100,000 and $2,500,000
Cisco reported that over half (54%) of all attacks resulted in financial damages upwards of $500,000, factoring in lost revenue, customer churn, missed opportunities, and out-of-pocket costs. When researching SMB response time, Cisco found that, in the event of prolonged lost access to critical data:
- 50% of companies would be unprofitable within one month
- Only 35% would be profitable for more than three months without critical data
SMBs are also now being referred to as "soft targets"—launch pads for larger cybercrime campaigns. Because SMBs typically have a less robust security infrastructure, they are more likely to pay ransomware, while providing adversaries practice and conduits for new strains of malware.
The Biggest Threats
In the past year, 39% of SMBs reported that half, or more, of their systems had been affected by a data breach. Of those affected, 40% reported downtime averaging 8+ hours. So what was the cause for concern? The biggest threats for SMBs remain:
Targeted attacks against employees, such as carefully engineered phishing campaigns (79%)
Advanced malware (77%)
There has also been a noticeable upswing in cryptomining, with malicious software delivered through email-based spam campaigns. Cryptomining is highly lucrative, and with untraceable payouts, more SMBs are being found with mining software embedded in their machines and systems. Unlike ransomware, these "miners" tend to fly under the radar, although they can drive up energy use and cost, decrease efficiency, and place an overall drain on a business' systems. Over time, these effects quickly compound.
As more SMBs become aware of their desirability to cybercriminals, more are looking to overcome this vulnerability by seeking outside expertise. Cisco reported that:
- 53% wanted unbiased insight
- 52% were looking to optimize cost-efficiency
- 51% wanted to improve their response time to security incidents
Other top priorities included securing end-points, such as mobile devices, from advanced malware, bolstering web application security against attacks, and deploying intrusion prevention to counter network attacks and exploit attempts. As SMBs become increasingly reliant on AI, Automation, Machine Learning, and the cloud, they will need to continue taking proactive measures to ensure that security remains a top investment.
By partnering with an experienced, trustworthy IT provider, SMBs can ensure their business' safety, while freeing up time to plan for the future. For more information about iCorps' enterprise-class protection, contact an expert today.