Why Are We Here?
According to the Symantec Internet Security Threat Report (ISTR)
- Small to Mediums sized businesses have seen an increase in spear phishing attacks by 65 percent
- Spear Phishing Campaigns targeting employees increased 55 percent
- Ransomware attacks have increased over 35 percent
- Vulnerabilities were found in 75 percent of all websites
These numbers should scare you. They indicate that companies are constantly at risk of attack, and that level of risk is growing each year. According to the ISTR, the old thinking that “I am too small to worry about being attacked” or “I don’t have anything that anyone would want” are no longer justified. The last 5 years had revealed a significant upward trend in attacks on businesses with less than 250 employees. This line of thinking represents a dangerous disconnect in the understanding of what small businesses think is important information and what information is actually valuable to cyber criminals. That fact of the matter is that small to medium sized businesses are prime targets because they have pieces of customer data that are invaluable to cyber criminals. Something as simple as an email address from your company directory can tell cyber criminals how to contact your customer and give clues that help determine their interests. To give you an example: That information can be used to craft a legitimate looking phishing email that will entice your customers to open it and then your customers becomes a cyber security statistic. Keeping that example in mind, look at the statistics below from the same article on the smallbiztrends.com website,
- 68 percent of small businesses surveyed store email addresses
- 64 percent of small businesses surveyed store phone numbers
- 54 percent of small businesses surveyed store billing addresses
Cyber criminals are constantly adapting to their environment. They still go after large companies, but instead of attacking a large corporation directly, they will use a small business as a pathway into the much larger corporate target. Don’t believe me, just ask Target. The reason this is becoming a more common attack vector is because SMB’s typically do not have the resources to properly secure themselves. In fact, a recent survey in smallbiztrends.com found that only 14 percent of the small businesses surveyed rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective. According to the same article in smallbiztrends.com, the average cost of recovery from a data breach for a small business is $36,000.00 and can lead to losses of up to $50,000.00. That is significant and in some cases can put a small business out of business.
You may be asking yourself, why are we providing you with all of this data? The answer is simple, being informed about your level of risk is the first step to influence you to do something about it. Here at CarTek Consulting, we pride ourselves on our ability to educate our clients on their specific level of risk, and we partner with our clients to develop cost effective solutions that will lower their risk profile. We have partnered with industry leaders such as Qualys and AlienVault to have the ability to offer you state of the art solutions at small business prices.
If you would like to find out how CarTek Consulting can partner with you and assist in lowering your risk of attack, please complete the form below and schedule a Security Assessment.
Definitions
- Phishing – the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
- Spear Phishing – the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
Citations:
Mansfield, M. (2017, January 3). CYBER SECURITY STATISTICS – Numbers Small Businesses Need to Know. Retrieved February 26, 2017, from https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html
Wood, P., & Nahorney, B. (Eds.). (2016). 2016 Internet Security Threat Report (Tech.). Retrieved February 26, 2017, from Symantec website: https://www.symantec.com/security-center/threat-report
Marquez, O. (2016, July 26). The Costs and Risks of a Security Breach for Small Businesses. Retrieved February 26, 2017, from http://www.securitymagazine.com/articles/87288-the-costs-and-risks-of-a-security-breach-for-small-businesses