Home >> Insights  >>

The 101 Of Cyber Security For Small Businesses

by Venkatesh Sundar, Co - Founder & CFO, Indusface April-2018

Within famous cyber attacks on larger companies getting all the media attention, smaller companies think that they’re not really on target with their limited web presence. But, the numbers will shock you.

According to the Osterman Research Survey Report 2016, 71% of SMEs have suffered a security breach during the previous 12 months. The risks were further highlighted in the Small Business Trend Report published last year, which states that 43% of cyberattacks target small businesses.

However, the most disturbing piece of stat is from the U.S’ National Cyber Security Alliance report stating that 60% of small companies that suffer a cyber-attack are out of business within six months. This should scare every business owner.

Although large enterprises, once breached, offer the opportunity for a significant payout, SMEs are an easier target given their lack of security expertise, budget, and personnel to understand and addresses the risks.

Today, cybersecurity is a necessity for every business online. It doesn’t matter who you are. Whether you’re a solopreneur, a startup, a scaling small business or an enterprise, hackers will find you. To be secure, you must ensure that your cybersecurity 101 policies are in place.

Stop Bad Bots

Do you know how attackers find small businesses and target them? Attacks are no longer limited to manual efforts of finding a weakness and exploiting it. With so many credential lists available for sale or already in the wild, attackers just need tools that can launch mass cyberattacks.

For instance, in 2015 attackers used Sentry MBA tool and made over 5 million login attempts at a Fortune 100 B2C website using multiple attack groups and hundreds of thousands of proxies located throughout the world. Similarly, botnet traffic is available for as low as $5 an hour that can send enormous amount of spam traffic to any website until their servers give up.

It’s critical that you keep an eye on bot traffic and stop it before destruction. Although there are plenty of tools that can help detect bot traffic, a cybersecurity expert can better help to develop policies that suit your business without affecting genuine traffic.

Update Your Systems

Companies using outdated technologies and systems are highly vulnerable to breaches. This is what happened in the infamous Wendy’s credit card breach when they lost data for 1000s of customers. Apparently, the company was accepting payment through outdated POS systems.

Leave aside the features, functionality or aesthetics of an update. The most important reason to keep your systems up to date is security. Whether it your server’s operating system, application features, internal devices, or a firewall, ensure that the latest patches are installed on priority.

Stay on Top of Security Trends

The recent ransomware adversary ‘WannaCry’ was a wake-up call for businesses across the world. It crippled 42 National Health Service trust centers in the United Kingdom, hundreds of computers at the Russian Interior Ministry, and many university networks in China. Tens of hundreds of computers at private companies were also been affected and most of them either lost all the date or paid ransom to get rid of the encryption.

It’s just a matter of time before something else replaces it. New types of malware and ransomware attacks are created every day and you never know which one will end up in your email or flash drive. Do not wait for a hack to happen before you learn about emerging risks. Follow cybersecurity blogs, experts, and companies to stay updated on all kinds of existing and emerging threats.

Think Application Layer

According to the American research and advisory firm Gartner, 70% of all cyberattacks happen at the application layer. Application-layer threats were also echoed in the State of Cybersecurity in Small & Medium-Sized Businesses Report, where 49% businesses said that have experienced ‘Web-based (web application) Attack’ and noted these attacks as the most common threat facing businesses today.

Unfortunately, startups tend to ignore an investment in application-layer technologies given the perception that their web presence is not significant enough to attract hackers’ attention. Ideally, they should consider identifying and patching vulnerabilities in their web applications and APIs.

Consult with Cybersecurity Experts

Is there a dearth of cybersecurity professionals? Over the next five years, the number of unfilled cybersecurity jobs will rise to a whopping 1.8 million, a 20% increase from 2015 estimates, according to a recently released (ISC)2 survey.

The shortage of skilled cybersecurity professionals is evident in the smaller companies. Consider the fact that Cisco’s Annual Security Report highlights that 22% of businesses with fewer than 500 employees do not even have an executive with direct responsibility and accountability for security.

Can they really afford to lose focus trying to fill this gap? The success of startups relies on speed and agility, and spending time and resources on security can get in the way of this speed. Instead of trying to build all the skillsets in-house to manage security, they should outsource it to others for their security expertise in ethical hacking, to help them identify risks and protect from those risks.