Cyber security is a persistent challenge for businesses, and the ongoing global pandemic compounds it.
Certainly, our research in this area confirms this. This year the Verizon Data Breach Investigations Report (DBIR) examined more breaches than ever before, with a record 83 contributors, demonstrating how the most common forms of cyberattack have affected the international security landscape during the global pandemic. Our team of security experts analyzed over 29,207 security incidents, of which 5,258 were confirmed breaches (a significant increase from the 3,950 breaches analyzed in last year’s report). Unsurprisingly, the conclusion is that, regardless of their size or industry, organizations will always face the risk of a cyberattack.
With many small and medium businesses across various industries, including professional services, forced to work remotely during the height of the pandemic and slow to reintroduce work in the office, the risk of cybercriminal attacks is heightened, especially via ransomware and phishing.
As cyber attackers get smarter and smarter, our response needs to keep pace.
Reducing the data breach gap between SMBs and large organizations
The smaller the business, the lower the risk of cyber attacks, right? Wrong. This isn’t just a problem for global businesses – no business is too small for cyber attackers to know about or come in contact with.
In last year’s DBIR report, small and medium-sized businesses accounted for less than half the number of breaches that large businesses did. However, in this year’s 2021 report, the gap narrowed significantly, with 307 breaches in large organizations and 263 breaches in small organizations, placing SMEs in the same risk bracket. It should be noted that this is not always a direct attack: attacks within the larger supply chain can also have a devastating effect on small businesses.
The DBIR report found that large businesses improved their response, finding breaches in “days or less” 55% of the time, with small businesses lagging slightly behind at 47%. It’s a small gap, but a gap nonetheless. With the same level of cyber risk, small businesses can no longer ignore security measures; they must have robust cybersecurity systems to protect their business against any threats or attacks. And breaches can come at a price. In our analysis of the impact of a breach on businesses, we found that the median for incidents with an impact was $21,659, with 95% of incidents ranging between $826 and $653,587. That is a significant amount for any business to pay, especially under the increased business pressures of the pandemic, and it can significantly hamper the resumption of operations. It should be noted that the Australian Strategic Policy Institute recently published a report on the global rise of ransomware, noting that “Australian organizations are not only seen as lucrative targets due to their often weak cybersecurity posture, but they are also seen as soft targets.”
DBIR 2021 highlights: Phishing and ransomware
Phishing is on the rise: it was recorded as present in 36% of breaches in the DBIR dataset, up from 25% last year, an increase of 11%. Yet many companies just don’t know what it is or how to spot it. Since launching the report 14 years ago, the DBIR has consistently reported a roughly 25% year-over-year increase in phishing attacks, and it remains one of the top varieties of action in breaches over the past two years.
Ransomware is also on the rise and appears in 10% of breaches, double the frequency compared to last year. The majority of businesses are forced to make the decision whether or not to pay a ransom. This has not been seen before. It’s not about whether the company pays or whether it will disclose the data. The tone has changed and organizations are in a difficult position to make that decision, so it is very important to have a plan on how to respond to a breach by a ransomware attack.
Prepare for the unpredictable
You can never be too prepared when it comes to cybersecurity. Having a cybersecurity plan in place is a business imperative. Having the right systems in place is key to preparing for threats. The security of cloud computing is crucial in reducing cyber attacks and preventing financial and reputational collapse. Additionally, implementing multi-factor authentication on sensitive business documents will be critical to preventing potential credential theft.
Anyone with points of contact with the business should know what they need to do to prevent any potential attack or breach. Human error will always come into play, with the DBIR reporting that 85% of breaches involved a human element. These errors are unlikely to ever go away altogether, but with the right education and training for all staff, stakeholders and customers, on both direct and indirect cyber risks, that number is expected to drop significantly.
What’s the next step for small and medium businesses?
Although the pandemic has increased and highlighted the risk of cyber attacks, this is not a new phenomenon. Data breaches and cyber attacks are and always will be intimidating – but being prepared to manage them effectively while having the right protocols in place to prevent attacks will put organizations in a good position.
It is clear from the Data Breach Investigations Report that being an SME does not, because of its size, exclude a business from being a target for cybercriminals. As small businesses grow and develop, so do cybercriminals, but with strong security systems and effective employee management, business leaders can be confident that they have undertaken the right cyber preparation to prevent attacks and minimize business risks.