The news brings us reports about high-profile data breaches and cyberattacks almost every day, like a persistent cautionary tale saying this could’ve happened to you. But for many companies, the threat still might not seem real. Most firms are not handling things like high-value data or control over critical infrastructure, which leaves business owners with a lot of questions about how cybersecurity concerns could realistically impact their operations.
Over the last few months, we’ve been gathering several of those commonly held questions to help illustrate what the average Hoosier business could potentially encounter. Even though there is great variance in the scale, type, and likelihood of an attack, cybersecurity is a subject that everyone should be taking seriously. Yet only about 14% of businesses are prepared to defend themselves, according to CNBC.
It’s pretty easy to hack your company. Hackers have a lot of options. The most commonly used method is to figure out your password. Up to 80% of cyberattacks involve the exploitation of weak passwords, according to Inc. Magazine. To make things worse, about 55% of people use the same password for everything, making it much easier for hackers to access all of your important accounts at once.
Another common method is to send a member of your company an email that looks legit but is actually fake. This is called phishing, and it’s intended to make the recipient either divulge important information or click a malicious link or advertisement that infects a computer with malware.
A variant of phishing is the social engineering method, where a hacker pretends to be a member of your company – or even a superior – to get other employees to do things like reset a password, click a file that contains malware, or even transfer funds. Almost a third of all security breaches involve scammers impersonating a member of the company they’re targeting.
And finally, another one of the most common ways to get hacked relates directly to the increasing use of connected devices within company processes. With more Internet of Things (IoT) devices controlling things in our businesses, there are more opportunities to get hacked. In many cases, the original factory default passwords are left on these devices, and that makes them vulnerable. Hacks on IoT devices range from annoying, such as someone taking over your thermostat, to severe, such as someone shutting down your assembly lines. It all depends on what they can access.
Those are really just the beginning. More than half of all U.S. small businesses had a breach over the last year. There are likely hundreds more ways to get hacked in addition to those mentioned here.
Hacks and data breaches can look different from one type to the next and might even seem quite innocuous at first. Your first indication might be a suspicious email from your boss or a coworker, perhaps directing you to make a payment to a certain entity, click a link, or provide information. Or perhaps you’ll notice unusual network activity such as spikes in traffic, strange activity during off hours, failed login attempts, unknown files on your server, browsing redirects, programs/apps/extensions installed without your knowledge, or computers acting on their own, among others. You might even receive a ransom note telling you that your files have been taken hostage.
With so much variability, you’re going to need to keep an eye out for anything that looks suspicious. Don’t click anything in an email unless you’re 100% sure it’s real, and don’t ignore odd behaviors from your computers.
A data breach has the potential to cost your company everything. As many as 60% of small-to-medium-sized businesses shut down within six months of a hack, according to the National Cyber Security Alliance. In terms of a general figure, the average data breach costs about $200,000, according to Hiscox, an insurance provider. Individual results will vary greatly, depending on your industry, how long you were shut down, what you lost, and the breach’s effect on your brand.
According to a study from IBM, the number one way to reduce the cost of a data breach was to leverage an incident response team. Doing so saved companies an average of $400,000 during a breach. Indiana companies that can assist include Pondurance, Catapult Tech Solutions, Cimcor, and many others throughout the state.
Infosecurity Magazine estimated the average cost for effective cybersecurity would be 1-2% of the operational budget of a large organization and as much as 4% or more for a small business.
It’s best to be proactive and have a plan in place. The state of Indiana provides a template for a cybersecurity incident response plan on its Indiana Cybersecurity Hub website that can help you structure initial drafts of your own strategy. You can also use the Indiana Cybersecurity Scorecard to assess your company’s current security level, report a cybercrime if one has occurred, and find other helpful resources.
The Dept. of Homeland Security also has a great assortment of resources for small and midsize businesses on its Cybersecurity and Infrastructure Security Agency (CISA) webpage. There, business leaders will be able to access a guide for implementing cybersecurity practices throughout their organizations.
It’s also important to begin educating your employees about cybersecurity. This could range from a full-blown formal training program to just a simple collection of informal YouTube videos and regular updates to build awareness of new threats.
There are several key trends that business owners need to be aware of this year, particularly because hackers are targeting companies on several new fronts. Matrix Integration, technology solutions advisors with several locations throughout Indiana, published new trends that described how criminals are finding new ways to exploit businesses by attacking supply chains.
As part of a solution, there is a growing trend of companies using end-to-end security monitoring and mitigation. That is, all entities involved in the supply chain are running the same uniform software to monitor network activity and identify possible breaches.
Other major trends taking place right now are increases in the use of multifactor authentication, IoT security, single sign-on solutions, and even new uses for artificial intelligence tools that can monitor networks.
Don’t let your company be an easy target for hackers. Stay up to date on the latest threats and consider connecting with experts that can help you prevent breaches and losses before they happen. Remember that a reactive strategy will be more expensive than a proactive one, and a little bit of planning could prevent a major catastrophe.
Cyber threats are considered the biggest risk facing Hoosier businesses today, according to the Indiana Chamber of Commerce. It’s time to start taking the threat seriously and get your company ready.