Wednesday, November 20, 2013

SMB Cyber Security: Perception vs Reality

Many SMBs do not consider cyber security a priority. A recent Gartner survey found that organizations spend 5%, or less, of their annual IT budget on cyber security measures. This is understandable, since it is difficult to justify an expenditure that does not directly impact the company's bottom line by either increasing profits or reducing costs. The practice of risk avoidance is difficult to quantify when looked at this way.

A good example of this is disaster recovery, an often overlooked aspect of cyber security. However, your data is your company's lifeblood and this practice is essential to preserve the confidentiality, integrity and availability of said data. Everyone knows they should have current backups of their data, but how many actually have an effective backup strategy in place? Who wants to spend money on backup applications, extra hard disks and other storage media? What about the cost associated with time spent by IT staff reviewing backup logs to confirm the jobs completed successfully and rerunning any that didn't? How many SMBs have ever engaged (invested) in a data recovery exercise? Regardless of the size of your business, it is critical to ensure you can effectively recover from something as simple as a hard disk failure. If you cannot recover from a common issue like this, how would you be able to recover from something like a data breach, virus outbreak or other cyber attack?

In 2013, security firm McAfee teamed up with Office Depot to create the Office Depot Small Business Index survey. With over 1,000 participating SMBs, the survey found these two interesting facts:

- 77% of respondents indicated they had not been compromised (hacked)
- 66% felt their data & devices were secured from hackers

A recent Ponemon Institute survey of 2000 SMBs revealed:
- 60% of upper management do not think cyber attacks represent a threat to their business

That's the perception.  

Here's the reality.

The Office Depot Small Business Index found that:
- 14% of SMBs have no security protections whatsoever
- Less than half employ an email security solution
- Approximately half have implemented some type of Internet security measures
- Most dramatically, a full 80% do not utilize any type of protection to secure their data

The Ponemon Institute survey found:
- 33% don't know whether or not their business has been the victim of a cyber attack
- 42% have been the victim of a cyber attack in the last 12 months

Other respected publications have discovered:
- 72% of data breaches involved companies with fewer than 100 employees (Verizon's 2012 Data Breach Investigations Report)
- There was a 13% increase in targeted attacks aimed at companies with 250 or fewer employees from 2011 (18%) to 2012 (31%) (Symantec's Internet Security Threat Report)
- Most states in the US require that a company that has suffered a data breach notify each and every person affected by the breach. Current estimates place the cost of a data breach at $130.00 per person. Ask yourself how many consumer/customer records are in your company database and other electronic records, then multiply that by 130 to estimate what a breach will cost you.
- Between 2005 and 2010 there were more than 500,000,000 records containing personally identifiable information (PII) breached. Of those, approximately one fifth came from SMBs. (Privacy Rights Clearinghouse's Chronology of Data Breaches report, published in August of 2010)
- 80% of SMBs that are breached suffer significant financial loss or declare bankruptcy within two years of the event. (Per statistics compiled by Identity Theft expert John Sileo http://www.thinklikeaspy.com)

I could go on and on with these facts and figures, but I won't, since these are more than enough to lend credence to my assertion that SMBs must take measures to protect themselves. If you wish to see more examples of what happens to SMBs that take a lackadaisical approach to cyber security, just Google the phrase (include quotes) "hackers target SMB's". The results should convince you to take cyber security seriously.

This post will end the fear, uncertainty and doubt (FUD) surrounding cyber security and the SMB.  From here on out we will focus on ways to protect your business.  Future posts will show you how this can be accomplished through developing policies and procedures, implementation of security best practices and a variety of security applications that are available at no, or very low, cost.
