How many times have you said that or heard that in the office environment? Probably more often than you care to admit. When that statement is made it usually applies to the costs associated with initiatives that sit on the budget bubble. These items or initiatives teeter on being shelved, usually as a result of a lack of enthusiasm or support. 

Regrettably, IT security has increasingly become an initiative that businesses discuss year-round but fail to act upon, instead waiting till next year to address the topic. That sense of urgency to act, to be proactive, fails to be triggered, and most often it takes a devastating event such as a cyber-attack to force businesses to act.

Why the complacency?

Cyber-security is often seen as one of those big problems that only large corporations (e.g. banks, tech companies, governments) must worry about, and that only these larger entities have the resources, time and budget to address come budget time. In fact, more people should be concerned with cyber-security at their workplaces, and not just at the big corporations. It’s the smaller businesses, companies with fewer than 1000 employees (SMBs), that are at the greatest risk. They also make up the greatest number of businesses in the US, which only increases the likelihood of being a target for a cyber-attack.

So, even though companies realize the inherent risk of being a target ripe for exploitation, a great number of them shun enhancing their IT security in favor of other projects and initiatives. There is also a growing pool of SMB targets for cyber-criminals, more than at any time in history. As a result, cyber-threats continue, becoming more sophisticated and developing new attack vectors into a business’s infrastructure and IT systems/applications.

“Wait till next year” wins again – and then there’s a cyber-attack

A phishing email is sent, malicious code deployed, and your business’s IT systems brought to a full stop. Your IT perimeter has been breached, your data and applications hijacked. Everything is being held for ransom. What happened?

An employee tells the “IT person” they’re unable to unlock their laptop. They remember reading an email and clicking on a link that supposedly led to an invoice marked “PAY TODAY”. Then, all went blank on the screen.

The IT staff are responding but unable to react quickly enough. Your IT systems are completely shut down, inaccessible, held for ransom. Productivity has slowed to a snail’s pace and the increased effort leads to increased costs. The public now finds out about the successful attack or breach, and your company’s reputation takes a hit.

Then, your customers and vendors are affected by the breach. Cyber-attackers have found their way into your financial information and then your customers’/vendors’ financial/transactional data. And that’s how it starts.

Cyber-criminals knock on as many doors as possible. They assume you’re one of those small- to medium-sized businesses that are “waiting till next year” to address their email, web and data security.

Cyber-criminals thrive because of the lack of on-going IT security initiatives this year, not next year.  Cyber-criminals look for any open door, any weak spot.  They simply won’t stop.  They’re developing new threats, sophisticated threats that learn from their mistakes utilizing AI and machine learning. 

These new, cultured threats only exacerbate the problem and relish in our laziness. 

Here are just a few statistics published on hackmageddon.com that demonstrate the stark reality of today’s malware cyber threats:

 

  • 155 events in April 2019, a 10% increase compared with March, when this number was 141
  • Top Three Attack Motivations – In April, Cyber Crime ranked #1 with a slight increase (81.9%) compared to 79.4% recorded in March 2019. Cyber Espionage was 14.2% and Cyberwarfare dropped to 2.6% (from 4% in March 2019)
  • Top Three Attack Methods in April 2019 – Ransomware, Account Hijacking and Targeted Attacks

There is also the Top 10 Malware activity to consider. Published by cisecurity.org, it accurately portrays the collection of dangerous malware variants that led to more than half of all malware notifications sent in January of 2019:

The MS-ISAC Top 10 Malware

    1. Emotet
    2. WannaCry
    3. Kovter
    4. ZeuS
    5. Dridex
    6. IcedID
    7. Gh0st
    8. Mirai
    9. NanoCore
    10. Pushdo

So, we understand there’s a constant threat. Malware and ransomware are working harder than ever to get inside your IT security perimeter. We also realize the threat is getting smarter, banking on our gullibility and waiting for us to make a mistake. That mistake may well come in the form of a dismissive delay, a “wait till next year” mentality. But be forewarned: put off being proactive about your IT security for yet another year and the results could be disastrous.

 

Why assume that risk for yet another year?

 

One misstep, like the urgency over an invoice attached to an innocuous email, could open the door for a cyber-criminal. Now repeat that a million, gazillion times, because that’s how often business gets done over email. As of 2018, there are about 124.5 billion business emails sent each day, and the average office worker receives 121 emails per day. Add in the growing number of SMBs in the US market alone. That’s one appetizing bowl of fresh meat for any cyber-criminal.

So, what can SMBs do to reduce the risk of cyber-crime?

Start a conversation about your needs and then, act. First and foremost, uncover where you are vulnerable in relation to your IT security.  Listen to experts in your field who are well-trained and certified/accredited to provide the right IT security solutions.

 

These things involve time, but I can assure you that talking about your IT security and beginning to act is far better than delaying it till next year. Those few initial steps are crucial; they mean you are acting and not simply reacting to a potential cyber-related event at your SMB. It shows you’re being proactive about your business’s defenses, data and e-communications.