Network security is a crucial consideration for every single organization, especially ones that utilize the Internet. There were a lot of negatives and some positives that came out of 2017 in regards to cybersecurity. Listed below are some of the most troubling cybersecurity statistics collected in 2017, as well as suggestions on how to keep your company safe in 2018.
Statistic for 2017: In the United States, 61% of small businesses experienced a cyberattack and 54% experienced a data breach that had severe financial consequences in 2017. 2017 saw phishing/social engineering scams out number web-based attacks for the first time. Phishing (the attempt to use fraudulent emails that look legitimate to gain sensitive information to exploit for financial gain) and social engineering (the psychological manipulation that persuades others into giving up personal information), make up about 48% of all cyberattacks.
SMB Action for 2018: One way to limit the risk that your business will fall victim to phishing and social engineering is to make sure that your employees are aware of up-to-date cybersecurity best practices and follow them constantly. Even something as simple as opening an email attachment can have a catastrophic impact on your organization. Creating a Acceptable Use of Technology policy is a solid way to make sure that your employees know what is expected of them when it comes to technology and your organization.
Statistic for 2017: Despite many business owners feeling like their employees and/or would never do anything to cause data loss or put their network at risk, more than half (54%) of the data breaches for small business in 2017 came from employee/contractor negligence, up from just 48% the previous year. While negligence was at the top of the list, it was followed closely by third party mistakes (43%) and errors in system or operating processes (34%). However, nearly ⅓ of those companies who experienced a breach reported that their company couldn't determine what caused the incident.
SMB Action for 2018: Short of having a computer forensics unit on standby, companies will need to limit risks by properly training their staff in the industry standard of protecting an organization’s network. Enforcing strict guidelines on how people access and interact with data will go a long way toward mitigating organizational threats. Employing the use of virtual private networks (VPNs) to encrypt remote access data flow provides a strong defense against the interception of data.
Organizations will also need to follow strict procedure to close any vulnerabilities they may have with software systems, or former employee, contractor, or vendor access to their network infrastructure. The more diligent organizations are in training staff, and enacting a fast-acting strategy against closing vulnerabilities, the better chance they have of coming through 2018 unscathed.
Statistic for 2017: One question that is usually overlooked during most run-of-the-mill security surveys is what it is that small businesses believe to be the most likely target of cybercrime attacks on their business - and are therefore most likely to be protected by SMBs. According to the results of this survey, about 63% of small business owners felt that the theft of their customer records was the greatest concern. The theft of their intellectual property followed at 48%.
SMB Action for 2018: Since the protection of all data depends on diligence, protecting customer records, intellectual property, as well as employee’s personal information and the organizational financials is a significant effort that has to be understood and performed by every single person in your organization. Companies today are constantly under threat and have to organize their security strategy to be both proactive and reactive. Hackers know what they’re looking for and designing a strategy and following through is the only way the modern company is going to be able to protect itself 100% of the time.
Statistic for 2017: When it comes to detection and prevention, small business technology scored rather poorly. In fact, 61% of small businesses responded that the technologies currently in use by their organization could NOT detect and block most cyberattacks. For 2017, 66% of responding businesses said that they had already experienced exploits and malware attacks that had evaded the current intrusion detection systems, if they had any to speak of and 81% had attacks dodge their anti-virus solutions.
SMB Action for 2018: Today’s RMM tools, firewalls, and antivirus programs are thorough, but are often not always updated in real time. Today it is important to depend on solutions that don’t keep you at risk longer than you need to be. Companies will have to invest time and capital into defending themselves in 2018, just as they have had do to over the past several years. There is some real risk that relying on software alone will catch most of the threats, but only an actively monitored network is truly safe.
Statistic for 2017: When it comes to ransomware, most small businesses that have not yet been victims of ransomware still believe that they are too insignificant in size to be targeted by cybercriminals. Less than 50% of small business respondents said that ransomware was a serious financial threat, were concerned that negligent employees put their company at risk, and felt that the prevention of these types of attacks were a priority.
Of those SMBs that have been victims of one or multiple ransomware attacks, 51% of them were attacked within the past year. With 10% experiencing attacks in the past three months or less, 14% within 3 to 6 months, 18% within 6 to 12 months and 9% within 12 months or more. There were three predominant types of ransomware reported by those victims: 39% were faced with encryption ransomware, 30% were faced with locker ransomware and 31% were faced with both.
SMB Action for 2018: Ransomware can ruin a business, period. In 2018, companies will have to come to grips with the new normal in which many different strands of ransomware will be available to hacker all over the glove. Further, businesses will have to consider themselves the primary target for this type of threat. If over a third of businesses are exposed to some fashion of ransomware, expect that number to rise exponentially. It is a problem that has to be at the forefront of any organization's cybersecurity considerations in 2018.
Statistic for 2017: In one of the most concerning aspects of this study, of those small businesses who were attacked more than 60% paid the ransom. The average ransom paid out was $2,157. Of the 40% who did not pay, they cited the following reasons for not paying: 67% said it was because they had a full backup and would not lose the data and 52% said they didn't trust the criminals provide the decryption cypher upon payment.
SMB Action for 2018: First: UNDER NO CIRCUMSTANCES SHOULD A SMALL BUSINESS PAY A RANSOM. Ransomware attacks are becoming less and less likely to return data after payment. In fact, many organizations are faced with multiple payments that culminate in data loss AND significant monetary damages. Small businesses can no longer afford not to have both a security solution that helps them keep ahead of the latest ransomware dangers, as well as data backup solutions that will be there to fall back on in the event that ransomware does get the best of them. Those businesses who felt that they couldn’t afford to have a data recovery and network security solutions in the past are now finding that they can’t afford not to.
Statistic for 2017: It seems like each year, there are more government compliance and regulatory standards that small business technology is required to meet. For example: the Health Insurance Portability and Accountability Act (HIPAA) has made a lot of headlines over the past several years, demanding that healthcare facilities take certain precautions when it comes to the management of electronic health records. However, a surprising amount of small businesses have yet to experience government enforced standards for their industry. 41% of all small businesses say they don't have to comply with any type of standard or guideline.
SMB Action for 2018: Network security can't be viewed as optional. Just because your industry or business doesn’t fall under the umbrella of federal or state data security mandates doesn’t mean that you should look at network security as anything but imperative. We’ve outlined through this article just how difficult sustaining a business is when you lose any data, let alone customer or vendor data. With 41% of surveyed companies not complying with even payment card index regulation, there is likely an opportunity for your organization to enhance its network security efforts. Hackers and social engineers aren’t becoming less prevalent, so the modern business should absolutely act accordingly. By aligning your organization’s network security policy with your organization’s computing strategies, you will go a long way toward mitigating risk, and keeping your data secure.
If 2017 taught us anything, it’s that everyone has to be aware of the treats of conducting business in the modern, technology-fueled world. By being protective and really focusing on protecting yourself and your company from software vulnerabilities, hackers, social engineering, and the many other threats we all face, you will be able to conduct business as usual; which, is all you can ask for with the exorbitant amount of risks that threaten the sustainability of your business.
For more information about these statistics or strategies to keep your organization from become just another victim, call Macro System’s IT professionals today at 703-359-9211.