Essential Cyber Security Facts for Business Owners in 2021

Tuesday, 17 August 2021

Nearly every business in operation needs to be online in some capacity to reach clients or customers. Alongside the rise of the internet, there has been the constant threat of cybercrime, scams, hackers, etc. While that is not a reason to hold back on expanding into online spaces in nearly any industry, it is a factor that needs to be accounted for and addressed.

There is also the matter of trying to stay ahead of the curve in terms of cybersecurity. Cybercriminal activity is a big business, and so is cybersecurity. As we will see, billions of dollars are active on both sides, and that number will only grow. While, of course, you do not need to spend billions of dollars yourself, you do need to stay abreast of the situation and prepare countermeasures to potential threats.

Here is what you need to know in 2021 and the information you need to prepare yourself and your business:

Some Simple Facts About Hacking and Cybercriminals

Starting out, we think it would be best to clear up some potential misconceptions about how hackers operate, what they do, and how they are organized. It might not be what you think, and it certainly is not how most movies portray them (whether in a positive or negative light).

Hackers will generally not spend days at their computer trying to break through the heaviest encryption layers. They might do so for sport, but if they are trying to make money (and the vast majority of the serious ones are), they will look for the path of least resistance. They’re likely to be passive in their efforts, either out of laziness or the desire to work on other projects at the same time.

Additionally, while the idea of the lone wolf hacker has persisted across modern media, in truth, most cybercriminals work in organized collectives or as part of a criminal organization. These types of crime rings perpetrate 80 percent of cybercrime.
In some cases, a hacker cluster might not appear all that different from a regular IT office, with people coming and going in shifts and working at their desks.

Cyberattacks are constantly happening. While the data might vary based on the study, it is estimated that an attack occurs every 39 seconds. Not all of them need to be successful to cause an impact on the market.

When it comes to cyberattacks, about 43 percent of them attack small businesses. Even at less than half of all cyberattacks, that is still far more than most people can imagine, and you need to make sure your business is prepared for a constant onslaught of attempts.

Total cybersecurity spending in 2021 is projected to reach about $43.1 billion. While the exact numbers are yet to come in, there is a clear trend upwards.

In what can only be a great cause for concern, the total cost of cybercrime worldwide is expected to reach 6 trillion dollars in 2021. This might seem like a massive number, and it is, to the degree that it is larger than the GDP of any individual country except the United States and China. This shows how much businesses have to lose.

In total, there are about 4 million people employed in the cybersecurity sector in one form or another, and it is generally considered that there is still a shortage in the field.

One of the current problems is that experts are in high demand. As such, many businesses feel that they have to go without, ignoring cybersecurity in general or not taking it seriously enough as a result. Specifically, according to the CyberEdge 2020 CDR Report, 85 percent of businesses do not feel they have enough skilled IT personnel. This is up from 84 percent in 2019 and 81 percent in 2018.

According to the 2020 Data Breach Investigations Report, about 28 percent of data breaches had a small business as their victim. While the number is going down from over 40 percent last year, it is still alarming, and small businesses need to assume they will be targeted.
The number of targets, both at small businesses and outside of them, is increasing. The number of connected IoT devices will reach 75 billion within the next few years. As of 2020, there should be about 31 billion devices on the IoT. While not all of them hold valuable data, they all need to be considered in the context of cybersecurity.

All of this is just the tip of the iceberg. Depending on your research, there are many other statistics to consider.

How Valuable Is Your Data?

While most hackers would be happy to drain your or your business’ bank account directly if they had the chance, that is not the easy and worthwhile route for most of them. Instead, most of them are more interested in your business’ information or that of your employees or customers. In some cases, they might be interested in trade secrets or sensitive financial information that should not be released to the public.

Here are some statistics to clarify the value of your data:

We can consider how much organizations are willing to pay for data held captive by ransomware, which effectively locks access until the ransom is paid or other measures are taken. This can be automated or via a more personalized method. That amount is rising, according to information from Cover.

Additionally, the number of businesses that pay up when a ransomware attack hits is increasing. According to CyberEdge, 57.5 percent of companies paid the ransom in 2020. This is up from 45.1 percent in 2019 and 38.7 percent in 2018.

However, it is not recommended to pay, as tempting as it might be out of fear. Out of those who paid the ransom in 2020, only 66.9 percent of organizations recovered their data. Conversely, 84.5 percent of businesses that did not pay the ransom eventually recovered their data.

People are most interested in identity theft, according to PurpleSec.
Consider the breakdown of breach incident reasons or types:

While people might think that their small business doesn’t need to be concerned with identity theft, that could not be further from the truth. Your business has employee records, your records, and sometimes customer records, and often enough information to perform identity theft on someone, especially if other information is known about the victim.

If your business has not taught you this already, data is a commodity to be sold and traded, although your business might not do so itself. The average value of someone’s personal information will vary from a few cents to thousands of dollars. For organizations, that number could be much, much higher if they know how to use it. Legal or illegal, how valuable would exact data on your competitors be to your business? Entities are willing to pay for such information.

Data is not the only valuable thing lost in a data breach. According to a Cisco report, employees had to deal with quite a bit of downtime as well. The exact amount differs depending on the size of the business and other factors. Assuming anywhere from 5-16 hours of downtime (the numbers vary significantly from incident to incident), you can do the math of how much that will cost your business alone.

You have likely heard the term metadata before, and it refers to the larger trends of data and information, usually on customers and business practices. Now it is unlikely that cybercriminals will attack your business just to grab metadata (unless your business revolves around research, etc.). Still, it will be available to hackers in some situations, will be mined in some cases, and it will be sold if possible. While we do not have exact numbers for metadata’s price, note that many businesses generate most of their income by collecting, processing, and selling it.
Social Engineering and the Human Factor

While you might think of hackers and scammers as people who are cracking codes and breaking algorithms, pitting themselves against programs and computers, the truth of the matter is much more complicated. Social engineering is the use of methods that manipulate people to get information. Some might use impersonation techniques, and others will play a confidence game. In all cases, the damage can be significant, and smart decision making and policy are the counter, rather than better firewalls.

Here are a few things to know about this phenomenon:

According to most studies, human error is the cause of 90 percent of data breaches, or at least the vast majority of them. This is because most hackers recognize that attacking your IT infrastructure itself would be costly in terms of time, especially when there is likely a more straightforward method via social engineering. Would you try to pick a lock if you know there is a key somewhere around the entrance?

According to a 2019 report, about 70 percent of SMBs stated that employees’ passwords were lost or stolen in the last year. This is a major oversight and alarming to anyone paying attention. This also means you need an extra layer of security in place other than just passwords. Mandating two-factor authentication when possible certainly helps, and the situation might call for other methods.

Additionally, the same report also states that 70 percent of businesses are concerned about passwords getting compromised in some manner.

About 54 percent of small to medium businesses had no knowledge of their employees’ practices regarding passwords.

While the exact numbers differ from study to study, it is clear that phishing is the most common tactic and most commonly successful tactic that hackers use. It’s the bread and butter of social engineering. Business owners will need to address this threat and make sure it is addressed for every single employee.
Despite this commonality, only three percent of targeted employees will report an attempted phishing attack up the chain, perhaps because they are simply so common.

The Consequences of a Data Breach

Data breaches are far more costly than nearly any amount of cybersecurity preparation and training you could invest in. They can outright ruin companies and tank their reputation for years. For smaller businesses, they can be a death sentence.
