Cybersecurity: Big Challenges for Small Businesses
While you can lead a horse to water, you can’t make it drink. Similarly, we can talk and talk and talk about cybersecurity, but that won’t get everyone who needs to do something about it to do so. And this is especially true for smaller businesses.
The people who own, operate, and work in small businesses of all types are increasingly dependent upon connected devices and mobile, on-demand networking. In addition, most of those people rely upon the same technologies and devices they use at home to do their jobs.
This means all the threats that challenge consumers challenge those at small businesses equally, if not more so.
Cybersecurity and privacy threats bedevil small and large businesses alike. And while larger organizations may have more resources to address these challenges, they are no less critical to smaller organizations. As they must do to become and remain competitive, owners and operators of smaller businesses must be creative and focused as they explore ways to make their organizations more secure online.
Threats Are Getting Better, Smarter, and More Expensive
Cyber security threats are growing, in number, type, and sophistication, not least because attack surfaces are expanding. Devices that aren’t kept up to date or that have user-created vulnerabilities can, for example, be hacked to broadcast live video while they appear and behave as if they are turned completely off. Malefactors can do things like create authentic-sounding voice mail messages from recordings of one’s boss, customer, or supplier. Criminals can use such recordings to fool subordinates into wiring money directly to criminals. Phishing emails and phone calls are based on corporate and personal information easily gathered online and from casual observation and conversation. These methods continue to succeed in getting legitimate users to do things that range in effect from annoying to business-crippling.
Despite the media attention devoted to cybersecurity and privacy, many small businesses have done little about either concern. These same media often feature pundits and practitioners who extol the virtues of a “culture of cybersecurity.” However, this may be a significant challenge for many smaller organizations. After all, many if not most small businesses are started and run by entrepreneurs who tend to be optimistic by nature. Many are likely to make cybersecurity a lower priority than more obvious immediate needs, believing their business won’t be hacked. In fact, Accenture reports that just 14% of small businesses are ready to defend themselves against cyber attacks.
In reality, almost every small business likely has already been breached, will be breached, or has been breached but just doesn’t know it yet. Research conducted for the 2019 Verizon Data Breach Investigation Report found that 43 percent of cybersecurity breaches victimized small businesses. This annual report analyzed 41,686 security incidents, 2,013 of which were confirmed data breaches.
A 2018 Ponemon Institute study, The 2018 State of Cyber security in Small and Medium Size Businesses, is based on interviews of 1,045 individuals at companies in the US and UK with between 100 and 1,000 employees. In the 12 months preceding their interviews, 67% of respondents reported their companies experienced at least one cyber attack, and 58% reported at least one data breach. Respondent companies spent an average of US$1.43 million each to deal with the aftermath of these events. That figure is 33% higher than the US$1.03 million the average respondent company spent on cybersecurity attack and data breach recovery in 2017. Yet the 2018 Juniper Research report, The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Leading Vendors 2018-2023, found that small businesses spent an average of less than US$500 on cybersecurity defenses.
Big Risks – and Big Opportunities
Many small businesses have limited IT and cybersecurity resources, if any. But almost every small business is part of one or more value chains that connect suppliers, partners, and customers. A breach at one company can quickly spread across the entire value chain, wreaking havoc far beyond any individual computer, person, or company. This becomes even more critical as new laws intended to protect privacy and penalize violations, such as the California Consumer Protection Act, take effect and continue to evolve.
Fortunately, these risks and challenges also offer potentially significant benefits. Effective cybersecurity and data protection make your business more agile, responsive, and trustworthy. Strong protections can be marketed and deliver significant competitive advantages.
Improve Your Cybersecurity: Things You Can Do Now
So how can small businesses achieve greater cybersecurity and privacy protections? Despite the daunting challenges, creating and sustaining that culture of cybersecurity is essential. Every staff member and executive in every part of your business has a role to play in making and keeping your business more secure. You and your colleagues must define those roles, make them and their importance clear to everyone, and do so regularly. However large or small your company is, its culture of cybersecurity must start at the top and be spread and supported across the entire organization.
A resource that every US company should be aware of is the Cybersecurity Framework overseen by the US Department of Commerce’s National Institute for Standards and Technology (NIST), which includes guidance small businesses can use.
In part 2 of this blog series, I’ll be setting out an action plan for the major cybersecurity issues that you need to consider to start making immediate improvements to your company’s security. If you’re company is one of the 86% in US that isn’t prepared for a cyber attack, don’t miss it!
In the meantime, you can read more about Huawei’s cybersecurity solutions for enterprises here.
Disclaimer: Any views and/or opinions expressed in this post by individual authors or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of Huawei Technologies.