Cyber security and small and medium-sized companies: how they can they defend themselves in 2019 as the Cybercrime menace grows
by: Michael Baxter | 25 December 2018
Cybercrime continues to surge without a slowdown in sight. Cyber security and small and medium-sized companies is a big issue, but businesses can take steps to protect themselves, says Michael Fitzgibbon at Slice Insurance Technologies.
The cyber security threat continues to worsen. In the first half of 2018, the number of cyber breaches soared over 140% from a year earlier, leading to 33 billion compromised data records worldwide, reports Gemalto, an international data security company. Malicious outsiders sparked more than half of the 944 breaches and accounted for roughly 80% of stolen, compromised or lost records. Identity theft continues to lead data breach types, but financial access incidents are escalating in severity as well. The issue of cyber security and small and medium-sized companies is becoming vital.
The United States continues to be the favorite target, and data breaches at major US enterprises continue to grab the headlines. In 2018, the most notable breaches have occurred at Adidas, FedEx, Jason’s Deli, Macy’s, Under Armour, Nordstrom’s and most infamously, Facebook.
Small and medium-sized companies are increasingly targeted
As for cyber security and small and medium-sized companies, many are realizing that they are viewed as attractive a target as the larger companies. Cisco’s 2018 SMB Cyber security Report found that 53% of mid-market companies in 26 countries experienced a breach. For these companies, the top security concerns are targeted phishing attacks against employees, advanced persistent threats, ransomware, denial-of-service attacks and the proliferation of employees allowed to use their own mobile devices.
Malware of all types is a huge problem. It is becoming more difficult to combat as cyber-attackers get more adept at developing software that can evade traditional detection and employ more sophisticated malware.
For small and medium businesses, one breach often puts a victim out of business. That’s because 54% of all cyber-attacks cause financial damages exceeding $500,000, the 2018 Cisco SMB cyber security report shows. That price tag along with a damaged reputation are hard to survive. If they do survive, they still face significant system downtime that averaged eight hours or more in the last year. Further, such companies often lack the IT talent, budget and technologies to prevent, uncover and respond to an attack.
Finding the right cyber insurance cover can be a difficult journey to navigate, with many businesses, agents and brokers still unsure of how to correctly unravel the ambiguities and complexities associated with ‘cyber’ – commonly misperceived as something that applies to anything involving a computer. Providing some much-needed clarity on cyber insurance policies – which are, in their purest form, privacy policies – Graeme Dean, Head of Insurance at Cover Genius, cuts through the nebulous jargon to help companies understand the real risks to their business
How to better defend against cyber-theft
Unsurprisingly, there is no easy solution – and none is likely within the near future – to prevent data breaches. But all businesses, especially small and medium sized companies can become better prepared and more adept at protecting against cyber-crime.
Here are five actions concerning cyber security and small and medium-sized companies that can be taken to become more security-conscious:
Conduct a security audit. Learn how secure your network and other security systems are, where vulnerabilities exist and how to resolve them. If you consider cyber security insurance — currently the fastest-growing insurance — or have coverage from a business insurer, the insurer can usually refer you to resources to assist in the audit.
Ensure you have a proper backup system. And make sure it is easy to access in case you need to restore one piece of the system rather than the entire system. Enterprise-level cloud systems can help.
Examine all the entry points into your system and consider where they are vulnerable. These include all your workstations, communications and mobile devices as well as employee access cards, the internet and cameras.
Assess your system threats. These include client lists, passwords, data logs, backups and emails, and anyone who specifically has access to the system, including customers and vendors.
Put a prevention system in place to defend against intruders. Put yourself in the place of the cyber attacker and consider the possible ways the attacker could access your system and steal your data. If your internal IT staff isn’t experienced enough to handle, entrust a third-party firm, because the prevention system must cover physical and digital security.
It will pay to increase spending on cyber-security protection, developing qualified cyber security personnel and, perhaps, hiring a chief information security officer. Global spending on cyber security products and services is seen exceeding $1 trillion cumulative from 2017-2021, compared to a global cyber security market of just $3.5 billion in 2004. Businesses seem to be getting the message, but not fast enough, as far cyber security and small to medium-sized companies, the message needs to be absorbed much faster.
A diverse cyber security team offers multiple ways of thinking, allowing businesses to stay one step ahead of attackers. How can IT leaders take advantage?
Cyber Insurance attracts more small and medium business
Cyber Insurance is another purchase small and medium businesses are considering. The overall market grew substantially in 2017 with direct premiums written surging 32% to $1.8 billion and policies in force rising 24% to 2.6 million, reports A.M. Best, the insurance rating and information firm. The reinsurance giant Munich Re foresees the cyber insurance market doubling by 2020, and it notes that cyberattacks could threaten the existence of SMBs.
In general, small and medium businesses are finding increased accessibility for cyber security, more customized policies and increased oversight by state and federal regulators. In addition, large enterprises are expected to increasingly mandate cyber insurance for small businesses. Indeed, a report by Statistica, an online market research and business intelligence portal, found that nearly 30% of small and medium businesses purchased cyber insurance in April 2017 for contract compliance reasons.
AI is helping Darktrace fight the good fight against the bad guys in the cyber world, but AI cyber security does it by understanding networks; it doesn’t need to look for a viruses signature, then again, cyber criminals are adopting AI too, or so Darktrace’s Max Heinemeyer told Information Age.
With the continued spike in cyber breaches, it’s clear that all businesses, must improve their security. Simply investigating all security alerts received will help since over half now go uninvestigated. More small and medium businesses say they realize how critical it is to have a secure, protected network and system. Unfortunately, some only recognize it after they’ve suffered an attack costly to their reputation and their business.