What The Experts Say
Did you know nearly 60 percent of all malware attack victims this past year were small businesses?
Many owners of startups and modest-sized companies assume that because they haven’t reached the financial heights of a Starwood/Marriott, Under Armor, Facebook or Panera Bread (all hacked in 2018), that they’re somehow immune.
Nothing could be further from the truth. The simple fact is that most hackers prefer going after soft target – online assets that are inadequately protected and less likely to hunt them down with the big budgets of major corporations. Most small companies have enough personal information about employees and customers to make attacking them worthwhile for some cybercriminals. And if these online crooks hit enough small businesses, they can also make off with sizable sums of cash.
Some security experts like to make the comparison with burglars who break into multiple homes on the same night hoping to make off with all sorts of jewels, electronics, artwork and cash. The big difference is that hackers might go after hundreds, thousands or even millions of targets with automated software.
With nearly half of U.S. small businesses suffering at least one cyberattack in the last year, it is critical to have a security plan in place (barely half do). Here are 5 trends to advise your 2019 plan:
1. Ransomware; a continuing problem
It wouldn’t be a security conversation if we didn’t lead off talking about ransomware.
In case you haven’t heard of it, this is malicious software (malware) that seizes control of your computers, locks you out and demands a financial ransom to turn control back over to you. As with any kidnapping, the criminal may return the goods – only to come back and steal them again at a later date.
About 92 percent of ransomware is delivered through email, according to Verizon, and users at small businesses receive an average of nine malicious emails per month. Indeed, ransomware attacks are now the fastest growing malware threats with more than 4,000 is this 4,000-0 right? attacks occurring daily since January 2016, according to the U.S. Small Business Administration.
In 2019, consider some simple steps to stay ahead of ransomware. These should include sponsoring security awareness training for employees (to keep them from opening emails they shouldn’t), keeping your antivirus and security patches up-to-date and using hardware with built-in security features.
2. Phishing gets more devious
Like ransomware, phishing tends to occur through email.
This is a type of attack where a cybercriminal sends you a communication that looks official – maybe it came from a company like Apple or Microsoft or perhaps it seems to come from a government agency. But in fact, it’s merely an attempt to get you to click on a link that will allow a piece of malware to infect your computers.
In the past, such scams have been pretty easy to spot. They often came from countries where English wasn’t the first language, so they typically included misspellings or weren’t composed particularly well. But in recent years, cybercriminals have become much more adept at crafting their communications. What’s more, they’re also going after specific targets – such as top company or financial executives – with personalized emails that are even more difficult to detect. This is a technique called “spear-phishing.”
As with ransomware, it’s important to train employees and keep security software current. In addition, be aware that phishing attacks can be launched when employees click on links to phony Web sites. To guard against these malicious attempts, consider hardware with built-in Web browsing security features. The HP Elite family, for instance, comes with a feature called HP SureClick that can reduce the likelihood of clicking on dangerous links.
3. Small businesses embrace AI for security
Many small business owners probably still think of artificial intelligence (AI) as something powering their Alexa or Google Home devices and the personalized ads we sometimes get on Amazon and other sites.
But AI, at its core, is really all about automation. It uses machine learning algorithms to arrive at educated guesses and recommendations that allow us to make quick and (hopefully) smart decisions.
Interestingly, Webroot, a cybersecurity company, recently noted AI can also be used to both launch and defend against cyberattacks. On the hacking side, it can be applied to target small business computers more broadly and in a very specific fashion. At the same time, Webroot notes “AI and machine learning will continue to be the best way to respond to the velocity and volume of malware attacks aimed at SMBs (small and midsized business) and MSP (managed service provider) partners.”
Of course, no security measure stays safe for long. A new McAfee report, for instance, notes hackers are already coming up with ways to evade machine learning engines. But AI could still be a viable cybersecurity option for many small businesses in 2019.
4. More companies outsource security
Years ago, when you outsourced a project, you went to a human being. An outside contractor. A temporary service.
But these days, you’re more likely to turn to a cloud-based subscription service. In fact, the everything-as-a-service (XaaS) model is changing everything – including cybersecurity.
As fortifying small business computing networks becomes more complex, and the need to do so gets more pressing, more SMBs will likely turn to a device-as-a-service (DaaS) model for help. This model is a complete solution combining hardware, insightful analytics, proactive management and services for every stage of the device lifecycle. Customers always have the latest equipment with the most current, built-in security features. And security aspects are managed by experts in that field, enabling small business owners to concentrate on their real priorities – pleasing customers and generating revenue.
This consumption model is still in its infancy but is likely to become more common as businesses of all sizes decide they need professional assistance keeping cybercriminals at bay.
5. Cybersecurity insurance becomes a thing
In California, many homeowners insure their domiciles when taking on a mortgage, but few go the extra mile and pay for earthquake insurance – until a big one happens. Then it becomes “a thing.”
For small businesses, the “big one” in cybersecurity can happen any day. And with as many as 60 percent of hacked SMBs going out of business within six months of an attack, according to SMB Group, few can afford the risk of not having cybersecurity insurance.
Cybersecurity insurance, as the U.S. Department of Homeland Security defines it, is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption and network damage. The cybersecurity insurance market is expected to reach $17.55 billion in 2023 compared to just $4.52 billion in 2017, according to Orbis Research. Much of that growth will likely happen amongst small businesses, which make up 99.9 percent of all businesses in the United States.
With threats constantly rising, it behooves every small business to consider cybersecurity insurance. There are plenty of options available. Conduct research to determine what’s right for your business.
Heading into 2019, small businesses face a sketchy and challenging cybersecurity threat landscape. But by staying mindful of key trends and having a strong security strategy in place, it’s possible to diminish the likelihood of an attack and minimize the damage to your company, should one occur.