In reality, your business is probably more vulnerable than you think, and the size of it is irrelevant. More than half of all businesses were hit by ransomware attacks alone in the past year, and ransomware is just one of multiple attacks your business could face. The costs involved in any cyber attack are significant, and this doesn’t just involve the possibility of paying a ransom. It’s also the cost of cleaning malware from a computer, data loss, and even fines from regulators, as well as reputational damage.
In total, 43 percent of small businesses are targeted by cyber attacks (the remainder being directed at medium businesses and enterprises). While larger businesses may be able to wear the costs of an attack, most small businesses can’t. 60 percent of small companies close within six months of a cyber attack.
The reality is that no matter the kind of business you’re running, you’re almost certainly going to suffer a breach if you don’t pay careful attention to your security.
The likelihood of a cyber attack
Of course, there are some sectors that are more likely to be targeted by cyber attacks than others. If you’re working in government, for example, then you’re going to be on the radar for malicious state actors. If you’re in technology, hackers simply see you as a challenge. Retail, meanwhile, has all those juicy credit card and payment details just waiting to be targeted.
The common thread between sectors likely to be targeted is data. Most commonly, hackers try to capture personally identifiable data that they can sell to identity thieves, or credit card details that can be tapped out quickly for money. If your online presence is just a non-payments website, or you have highly specialised data that isn’t of much use to a hacker (such as a small media organisation), then you’re less likely to be targeted. Despite this, it is still recommended that you protect your business, but it’s useful to know the relative risks as they stand.
It’s also worth noting that a lot of people think a cyber attack involves a hacker “breaking in” to a company by writing thousands of lines of code. That image works for Hollywood, but in reality the most effective cyber attack is often a spam email that contains a dangerous link and tricks someone into clicking on it. Hackers send those out indiscriminately, so it doesn’t matter what sector of business you’re in, or the size of your company.
What impact does a cyber attack have?
There are many costs involved in falling victim to a cyber attack, and they all need to be managed—a process that can take weeks (or longer).
1) Financial costs
Cyber attacks can affect your organisation monetarily in several ways. The theft of corporate and financial information can give the hackers access to your business revenue, or you might need to pay money to ransom your equipment. A further cost could come from needing to replace irreparably compromised technology. Then there’s the cost involved for every minute and hour that your workforce can’t do their jobs because the attack has taken them offline. You may also lose sales or contracts if you are offline at the wrong times.
2) Reputational damage
A softer, but potentially longer-term, impact of a cyber attack is the reputational damage that it can cause. You can lose customers and sales if customers no longer trust that they can safely transact with you, resulting in lower profits over the long term. The old truism, that it’s easier to maintain existing customers than find new ones, applies doubly during this loss; winning formerly loyal customers back can be a very long and costly process.
3) Legal consequences
Regulators take an increasingly dim view of cyber breaches, and penalties for failures under the Privacy Act in Australia (i.e. where customer data is compromised) can reach as high as $2.1 million for businesses. There is also the potential for civil action if a cyber breach has affected a customer in a detrimental way.
How can I avoid a cyber attack?
The simple answer is that you cannot stop your business from being a target. However, you can protect your business from being compromised by a cyber attack by having the correct security solutions in place. This might sound simple, but you’d be surprised how many businesses think that an off-the-shelf firewall and antivirus solution is sufficient to protect their entire environment. If you can’t afford an in-house security team to properly architect a security solution for your environment, then outsourcing to a good managed security provider can help you ensure that your IT environment is properly protected.
In addition, it’s important that you keep a robust data back-up system in place. If a breach should occur, then the loss of data can become the single greatest cost to the business. Having frequent scheduled backups, and a strong archival policy, is essential to be able to restore any data lost through a cyber attack.
Finally, make sure your entire workforce is educated about security best practices on the Internet. Teach your team how to identify suspicious emails or links, how to verify a website before entering information, and how to avoid handing over passwords and other login information to the wrong people. The most common and effective cause of cyber attack remains simple social engineering, and making sure your people are properly trained on cyber safety is one of the most potent steps you can take to protect your business.
Cyber security and the risk of attack should always be considered a board-level concern in large enterprises, mainly because the costs and damage are so significant that the impact is equivalent to an office burning down, or a similar disaster rendering the business unable to work. You may think that a small business is beneath the interests of hackers, but small businesses are often seen as the easiest targets. For any SME that is affected by a cyber attack, it can very easily be a business-ending event. To avoid the potential of an attack, and to mitigate risk, it’s important that you treat your IT security as a priority now, and into the future.
Not sure where to take the first steps with cyber security? Consider engaging a specialist like Nexon to outsource and ensure industry best practice. Reach out to an expert today.