Cyber incidents happen, on average, every 39 seconds! By the time I finish typing this next sentence, another one happened. With the alarming frequency and sheer volume of cyber attacks that happen each and every day to businesses, it's almost wishful thinking to believe that it won't happen to your business. With the recent SolarWinds attack, the effects not only hit SolarWinds, but cascaded down to a whole slew of others. Think it can't affect you? Think again!! What are the effects of a cyber incident on your business?
Let's first review the SolarWinds incident. Hackers successfully injected malicious code into SolarWinds software, and this code gave the bad guys access to all of SolarWinds' customer data. Even more scary is the fact that the hack went undetected for months, allowing cybercriminals to develop and implement a back door to SolarWinds' end-users' systems. So not only did the hackers get SolarWinds' data, but they infiltrated their customers' networks as well, collecting more data and creating more havoc.
Now you may be thinking that your small business isn't going to be the target of any hacker's intent. In that regard, you'd be shocked to know that small and mid-size businesses are uniquely susceptible to cybersecurity threats. Hackers are acutely aware that these companies have less resources to invest in the big enterprise security solutions that companies like SolarWinds have. That means your small business is an easier target for attack. For every SolarWinds incident, there are hundreds of smaller attacks on companies that we never hear about (remember, every 39 seconds!). The numbers now tell us that 43% of all online attacks are now aimed at small businesses, the new favorite target of cybercriminals. The scarier fact is that only 14% of those small businesses are prepared to defend themselves from an incident. And even worse, COVID-19 has only made things worse, leading to a spike in global cyberattacks since the pandemic began. Finally, more than half of all small businesses have suffered a breach within the last year.
The effects of a cyberattack on a small business are going to be felt a whole lot harder than on a large enterprise. The average costs of a cyber incident is around $200,000, and it's only expected to grow. Those costs come from a variety of places including:
- Disruption of business due to loss of access to files and critical business information. Often times, hackers want a payment in bitcoin for release of data. And there is no guarantee that your data will be released with the payment of a ransom.
- Reputation damage if customer data is stolen. Many times if a data breach is severe, customers may look to take their business elsewhere.
- Lawsuits and fines can occur if large amounts of personal information are stolen. These suits can become lengthy and expensive, often taking years to settle. Fines can come if all compliance rules aren't followed, such as HIPAA.
This cascading damage can often lead small businesses to the brink of disaster, and in some cases, put them out of business for good.
How to prevent a cyberattack
Cybersecurity is an ongoing and evolving process of continuous improvement. Regular updates to security assessments, employee awareness training, network firewalls, password security and more are critical to keep threats at bay. Our helpful checklist provides 15 ways to help your business prevent a cyberattack and to possibly uncover areas of vulnerability in your business.
Because the landscape of cybersecurity is constantly changing, breaches are possible even when the strictest of security measures are taken. By implementing a cyber incident response plan for your business, you can create a set of instructions to help IT staff detect, respond to and recovery from a security issue. A response plan helps provide the framework to surviving a cyber incident, and allows employees to know exactly what to do in the event of a breach. These types of plans address issues that threaten daily operations including data loss and service outages.
Know your risk
At the end of the day, the costs of a cyber incident are more than just monetary. Losses can vary from business to business and can involve reputation damage, lawsuits and fines, breaches or damage to customers and vendors, and in worst case scenarios, closure of the business. Before you experience a cyberattack, create your business's incident response plan. Check out this infographic as a jumping off point to see how secure your office really is, and work from there with a reputable managed IT services partner or your internal IT staff.
A managed IT services partner (MSP) may sound like an expensive venture. A true MSP partner will work with you and your budget to come up with solutions that fit your needs and your bottom line. The question is no longer if you can afford an MSP, but can you afford a security breach?