If you think breach can’t happen to you, this idea is probably fading quickly. Especially, when you review the number of breaches and types of companies breached. In 2016 alone, more than four billion data records were stolen.
A closer look at the breaches reveals that three companies accounted for half of the total number of stolen records: Yahoo with over 1.5 billion records stolen in two separate attacks; AdultFriendFinder with 412 million accounts stolen; and Myspace with 427 million passwords stolen (when totaled, they account for 2.3 billion records out of the 4.2 billion records stolen in 2016). The remaining 2 billion accounts stolen in 2016, came from over 4,100 separate breaches targeting government agencies, medical institutions, and other businesses.
This makes it quite clear that it doesn’t matter if you’re a big business or small business, whether you work in healthcare or the private sector, your data is valuable to someone. To confirm this even further a look at a Ponemon Institute study reveals that 69% of small and midsize businesses (SMBs) don’t have the adequate budget or in-house expertise to achieve a strong cybersecurity posture; and that more than half of them experienced a data breach in 2016 (with an average cost of $879,582).
The numbers don’t lie, and even though some companies suffer bigger breaches than others; as the world moves to digital, hackers will go where it is easiest to get data before heading to tougher targets (businesses with a strong cybersecurity posture). At the moment, due to the lack of cybersecurity preparation, it seems that SMBs are becoming ideal first targets. Either that or the security industry is trying to get their attention before it’s too late. Either way, while a bigger company can withstand a breach without risking sure closure; an SMB not so much, due to the lack of funds and high costs of breach. Luckily, there are SMB cybersecurity solutions that can help these businesses to avoid such a fate.
All that is needed now is for businesses, large and small, to stop treating security with patch solutions (such as anti-virus software and firewalls alone) that don’t include people and process components, which are necessary to defend a business from catastrophic breach consequences. This means acknowledging that one’s data is valuable, no matter how little data you may think your business holds of value. It also means bringing security to the forefront in business meetings, with the board and/or executive team. Implementing a fluid communication, should actually be easier in smaller organizations versus bigger ones who have more butting heads.
Thinking that the consequences of a breach are being blown out of proportion may be partially true due to the media’s tendency to sensationalize the news and create shocking headlines, but the numbers speak for themselves. If that’s not enough, there is concrete evidence of the damage breach can do to business. Take Target for example, their 2015 breach is still haunting them in the headlines. Once you’ve been breached it takes quite some time to reestablish trust with customers, not to mention the time and money it will take to settle lawsuits, and the effort it will require a business to rebuild their brand image.
The sooner businesses work on a solid cybersecurity defense, the less likely they are to experience a devastating breach; but also, they will have been doing all that they can to avoid breach and protect their data, and customers’ data. Giving it all, shows customers that a business knows the importance of defending data; and the right steps, will also minimize breach costs and damage for the business.
If you’re ready to get started on a holistic cybersecurity posture, give us a call.
We’ll talk about your security needs and find the solution best suited to protect your business!
Photo courtesy of Nata-Lia