By Terry Ingram and Michael Evans
In the first six months of 2019 alone, data breaches exposed more than 4.1 billion records. On average, 28% of small businesses experience data breaches each year, and up to 10% of these businesses are forced to close their doors as a result of the breach.
The cost of a data breach can have a substantial impact on businesses of any size, and understanding the potential cost of this breach is critical for businesses as they consider the cybersecurity measures they need to take to protect their businesses from. ransomware and other cyber attacks.
Financial cost of cybersecurity breaches
When a cybersecurity breach occurs, financial costs are the number one concern for many businesses, and the costs of many of these types of attacks, including ransomware, have skyrocketed in recent years. According to cybersecurity firm OSIbeyond, ransomware attacks alone cost small businesses an average of $ 84,000. Large organizations, or those hardest hit in an attack, can face even higher costs. In many cases, you can incur both immediate financial costs and ongoing financial costs as you work to restore your data and restore trust with your customers.
Within the groups of people who talk about cybercrime, there are thousands of conversations going on about specific cases (Cybersecurity Ventures estimates that globally, a ransomware attack occurs every 11 seconds). These discussions rarely make the news or the informational dashboards of small and medium business owners. However, there are times when a cybersecurity breach is so big that it makes the headlines, as was the case with the Colonial Pipeline ransomware attack. Were you ready if you lived in the Southeastern United States? People panicked, and depending on your region, it probably had a real impact on your business – and your personal life – by cutting back on energy.
If you were a specialist contractor and a key supplier was attacked, what would you do? It is almost impossible to be fully prepared for a cyber attack as it can be focused directly on your business or come through a vendor, customer or even your bank. We live in a connected economy linked through the Internet, and hackers are professionals who attack businesses large and small.
The dangers of a ransomware attack
There are three basic entry points where ransomware can disrupt your business operations: your technological connection with your customer, your own messaging system, and your technological connection with your suppliers. If you have customer-facing web servers for your e-commerce or VPN, you have a direct entry point through your customers for ransomware attacks. Second, ransomware can also arrive via spam email with attached Word or Excel files or Remote Desktop Protocol (RDP) brute force attacks. Third, there are companies in your supply chain who, due to their carelessness, may suddenly become unable to properly supply or reconcile with you due to a ransomware attack on their systems.
More articles by AllBusiness.com:
Frequently, a ransomware attack goes beyond locking down your data with the encryption in place. More often than not, the ransomware extracts the data and stores it in hacked cloud servers, then adds it to data from other sources (legal and illegal), then resells it to criminal groups who bid on those chunks of data. You can imagine that your payment and banking data resides on the providers’ servers and that your financial data will then be sold to other criminal parties. It is worrying to imagine all the sensitive data of your customers posted somewhere on the internet.
Until relatively recently, you’d think that just being disciplined with regular software updates, patches, and the latest antivirus software would adequately protect your business against ransomware and other threats. It was until December 2020 when, as the world focused on other things, we learned of a new source of infection from third-party vendors. Security experts discovered a highly sophisticated cyber intrusion that relied on commercial system management software. The Advanced Persistent Threat (APT) players put a backdoor into the SolarWinds application during vendor development, which means installing the product to defend against and manage against technology downtime actually created a capacity of interruption by the actors of the threat.
The persistent threat of ransomware and other cyber attacks is a clear and current danger to our business, financial and government systems. What can a small or medium business owner do to mitigate the risk?
1. Protect your entry points
Security and intrusion into websites, emails, user clicks, and malware (by many means, including insider threats) are all risky. Make sure your IT team, whether internal or external to your organization, takes security seriously. Provide employees with ongoing and active training on data security best practices, such as frequently changing passwords, knowing about spam and hacking practices, checking the validity of email messages. sender and never open an attachment unless you expect it to.
2. Discuss cyber threats with suppliers
Your business is your responsibility and protecting it sometimes requires you to have uncomfortable conversations with business partners. Ask your vendors what their cybersecurity protocols are and ask them to explain how they protect your data and what the plan is in the event of a cyber attack. Additionally, make sure you have a backup plan in place in case your major vendors are unable to function normally.
3. Publicly discuss cybersecurity
There is no doubt that your business has security procedures in place, but educating your employees on how to be on the lookout for spam, hacks, and ransomware is essential. Be active with your local, state, and federal political lawmakers and representatives on cybersecurity legislation. And if you are compromised by a cyber attack, always contact the FBI. This is the first question your cyber insurer will ask you if you are hacked.
To protect your business, be prepared
Our digital networks connect us all, but they also make us vulnerable to bad actors from all over the world. Prepare your business for the possibility of cybercrime just as you would any other disaster or unforeseen event.
RELATED: How to Protect Your Small Business From Today’s Cyber Security Threats
about the authors
Terry J. Ingram is a partner at Newport, LLC, as a corporate advisor in global expansion, repatriation of products and services, chaired by acquisitions and turnarounds with a particular focus on revenue growth, path engineering review and sales; reach him by email at [email protected] Michael Evans has been with Newport LLC since 2012, where he is a member of the board of directors and CEO, and writes and reports on a variety of business topics for emerging growth companies. See Michael’s articles and full biography at AllBusiness.com and LinkedIn.
This article was originally published on AllBusiness.com.