Businesses Unprepared for Cyber Attack

September 18, 2016 by Lore Engineering Team

Over 40% of Businesses Say They Are Not Prepared for a Cyber Attack

Build a better Internet and they’ll build a better hacker. Today’s world spins on an axis of 1’s and 0’s and in this landscape, personal information is ripe for the taking. As new businesses spring up every day, all jockeying to have a web-based footprint, cyber-attacks are on the rise.

According to the Security Threat Report 2016 released by Symantec, “There were over one million web attacks against people each day in 2015. Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because website administrators fail to secure their websites. Nearly 75 percent of all legitimate websites have unpatched vulnerabilities, putting us all at risk.”

With every new technological progression or product, companies must consider their security posture. As it stands today, over 40% of small business executives have said they find themselves unequipped to handle the increasing threat of malicious hackers around the globe.

The White House’s Office of the Press Secretary issued a statement warning that, "In an increasingly interconnected world, American companies are also leaders in protecting privacy, taking unprecedented steps to invest in cybersecurity and provide customers with precise control over the privacy of their online content. But as cybersecurity threats and identity theft continue to rise, recent polls show that 9 in 10 Americans feel they have in some way lost control of their personal information — and that can lead to less interaction with technology, less innovation, and a less productive economy."

In most cases, the small business mindset is akin to a mad dash to get a feature-rich product out the door, while security is left hanging in the wind as a subtle afterthought. While this mentality can bring a quick influx of profits, businesses practicing in this way will often times find themselves wishing they had invested in security once their first breach occurs.

Phishing

The first step any small business should consider is in-depth personnel security training. Even the most competent of individuals have fallen prey to innovative phishing emails or insider threats by simply not being aware of what to look for. While these attacks might be extremely simple in nature, the outcome in most cases is far from desirable. To mitigate this risk, it is exceptionally important to invest in a security training course to be taken at least annually if not more frequently.

In February 2016, vehicle hire company MNH Platinum suffered a massive attack. “We were completely unprepared for a cyber breach simply due to a lack of awareness of the magnitude an attack of this type could have through mistakenly clicking a link in an email,” said managing director Mark Hindle. We want to prevent things like this from happening to you

As noted by the US Securities and Exchange Commission in this warning, “When fraudsters go on 'phishing' expeditions, they lure their targets into a false sense of security by hijacking the familiar, trusted logos of established, legitimate companies.” Other common Phishing scams resemble news articles, asking the user to click to read more, or customer service tickets or surveys asking the user to click to reply.

Distributed Denial of Service (DDoS) Attacks

Even if businesses are able to adequately train personnel and are able to afford trained internal IT staff to help mitigate threats from within, organizations are still faced with a growing number of outsider threats; most commonly in the form of service outages caused by Distributed Denial of Service (DDOS) attacks.

According to this study by Kaspersky Labs “61% of DDoS victims temporarily lost access to critical business information; 38% of companies were unable to carry out their core business; 33% of respondents reported the loss of business opportunities and contracts. In addition, in 29% of DDoS incidents a successful attack had a negative impact on the company’s credit rating while in 26% of cases it prompted an increase in insurance premiums.”

Unlike larger businesses that have dedicated security teams, such as Facebook or big-box stores like Target most small businesses can never recover from an extended outage caused by this type of attack. Despite the fact that the number of companies with a preparedness plan in place has continued to increase, year over year, many companies doubt the efficacy of their plans as shown in this report by Ponemon Institute.

Luckily we now have many tools at our disposal to mitigate these crippling attacks through the use of certified data centers, and bandwidth re-routing services.

Long-Lasting Repercussions of a Temporary Outage

Even though it is tempting and even easy to see the initial financial damage caused by a malicious attack and write it off as an acceptable risk, the long lasting effects to an organizations reputation can never be fully quantified. In a time when personal identifiable information (PII) is used in virtually every new technology and product, customers depend on these organizations to protect their data as if it where their own.

When the public eye no longer trusts and organization due to a breach there will be a significant drop in return business. With emerging new laws regarding the reporting of data breaches within organizations there is no hiding from the general public when it comes to the previous theft and or loss of their data.

"President Obama proposed two new data protection laws Monday, calling cybercrime a 'direct threat to the economic security of American families.' One of the measures, the Personal Data Notification and Protection Act, would give hacked businesses 30 days to notify customers of a data breach." - Jeff Stone, International Business Times

While every business is susceptible to the ever evolving security threats in this technological era, small business are especially vulnerable. There is no reason to be caught in a panic to recover from a breach because of a crucial decision to forgo security spending when there are threats around every corner.

For more information about preparing your business contact us now