Data breaches that compromise hundreds of thousands (or even millions) of records tend to grab the most headlines, and we only get to hear about them when the large organisations admit their failures (which is not always the case).
The true scale of the problem is not really known as breaches can often be ‘swept under the carpet’ – it’s not great for business to acknowledge you’ve had inadequately protected systems.
Just try googling “security breaches” and you will be inundated with news stories globally of companies being attacked. Just recently we even heard that Facebook had been infiltrated.
More and more smaller scale businesses are under attack
Don’t be fooled by the big names though, as Small and medium-sized businesses (SMBs) are far from immune to cyberattacks. Just last month we saw that being a small business situated just off the West coast of Scotland on the Isle of Arran does not matter in the world of cybercrime.
The Arran Brewery were recruiting for new employees and suddenly had lots of interest after the advertisement was posted on an international jobs site.
They started getting several emails a day, all with attached CVs, and in amongst the genuine job seekers there was a virus embedded within a CV. When it was opened by a staff member, the virus took effect, and the software started to encrypt their systems and backups.
The brewery faced a ransom demand where they had to pay up for a key to decrypt the files or face losing their data. They brought in cyber security specialists who removed the virus and restored some of the system, but not all. They appear to have lost a lot of data.
Time To Detection (TTD)
It was interesting to note that their Anti-Virus (AV) protection software did not pick up the attack.
This is a common problem as traditional AV solutions rely on updates to be created and pushed out to machines, sometimes with the aid of the users themselves. It can also take the AV software companies quite some time to detect a threat in the wider world (known as the “Time To Detection” or “TTD”) after which they can address the problem and get critical updates out to customers.
Faster time to detection is critical to minimise damage from intrusions, and one of the reasons we are Cisco partners is because they have successfully lowered their TTD to as low as nine hours (compared to the average of 100 days). That’s quite a difference.
Cisco’s “Small and Mighty” is a special report that indicates 53% of midmarket (or medium sized) businesses have experienced a security breach, which should be an alarming figure for anyone responsible for IT within a small or medium sized business.
What would downtime mean for your business?
40% of those who were breached had over 8 hours of downtime.
You can see the full report here, it’s an interesting read.
It won’t happen to us…. will it?
The larger enterprises invest fortunes and recruit security teams to handle cybersecurity, so it’s no surprise that cybercriminals may find it easier to take the path of least resistance and target the small and medium sized businesses.
If you think your business is too small to be targeted by a hacker then you should think again. If your business handles any financial information or valuable data about your customers, then you’re a target for cyberattacks.
Some simple advice
One very simple recommendation is to frequently back up your data, not just once, but multiple times. If you’re outsourcing your IT to a third party, make sure they are doing at least two or three backups in different places, as data loss can be devastating and literally bring a business to the brink of closure.
Whilst some small businesses don’t see the need to spend on cybersecurity, it’s not the place for SMBs to cut costs. If you don’t take cybersecurity seriously, and one day you’re forced to pay £10,000 in bitcoin to — hopefully — unlock your data, you’ll regret that approach.
That’s where we come in. At Ironshare we realise that budgets are tight, so we provide security services at an affordable and realistic price.
Check out your IT provider or support teams
Your own IT staff or support company will no doubt provide the basics — such as routine system monitoring, software upgrades, training on new systems and services, help desk support, and other things – but they may not have any specialist security knowledge.
It’s hard for a standard business or IT provider to find and retain staff, and problems can start if you don’t have people dedicated to security on a daily basis.
The Ironshare Managed Security Service
Ironshare are an MSSP (Managed Security Service Provider) and our fully qualified team can enable small businesses to outsource their cyber security protections for a flexible monthly or annual fee.
We’ll help you to assess your people, process, technology and practices and put together a plan that will see immediate benefits. Our services are backed by industry leading Cisco solutions that are reliable, well-implemented tools and technologies.
If you’d like a “proof-of-concept” period before signing up, then we can arrange a free trial to showcase our services. Simply enter your details on our Contact page.
Ironshare – Security, Simplified.