Your cybersecurity arrogance could lead to your extinction.
A data breach will cost your business money.
Yes, even if you're “only” a small to medium business (SMB). As I've said before, cybercriminals are after you too because you're usually easy meat.
The Ponemon Institute calculates that it costs $158 for every lost or stolen record (from 2016 Cost of Data Breach Study: Global Analysis). Sound like an overestimate? Nope. That cost includes direct costs (discounts to keep customers happy, forensic experts, and outsourcing hotline support); indirect costs (internal time to investigate); and an extrapolation of decrease in brand value and lost customers.
I'll say it again: a data breach will cost your business money.
Worse, continuing to ignore your cybersecurity could lead to your extinction. Quick recap: small size is no protection from cybercriminals. For more details read, Data Security Risks: Your Small Business Can Be Hacked Too!
I've just read a survey report from Solarwinds, Cybersecurity: Can Overconfidence Lead to an Extinction Event?
On the surface, that title might sound over-the-top. It's not. Without going into detail on the statistics, the survey reveals that 87% of organizations have “complete trust” in they network and information security techniques, but that 71% of those same organizations have been breached in the last 12 months.
There's an obvious gap between perceived security and security in reality. I won't go so far as to say these businesses are delusional about their cybersecurity, but that's at least very ironic.
The 7 Deadly Sins of Cybersecurity
The report calls these pitfalls. I think that lets companies off too easily. Each of these seven sins is a well-known and understood security issue. These aren't hidden pitfalls that companies accidentally stumble into. They are issues that too many companies willfully ignore at their peril.
Inconsistency in Enforcing Security Policies
Only 32% of companies claim that they have security policies that are enforced and regularly audited.
Negligence in the Approach to User Security Awareness Training
People make mistakes. Employees are your largest threat to the security of your business. Not because of maliciousness, but because of ignorance. Amazingly, 84% of companies pay lip service to security awareness or don't do anything at all (13% of companies). As social engineering attacks become more sophisticated, avoiding security awareness is an invitation to disaster.
Shortsightedness in the Application of Cybersecurity Technologies
Of the nine most typical cybersecurity technologies, barely over 50% of the companies deployed these three: anti-malware technology, email scanning, and Web protection. That also means that nearly half of businesses AREN'T protecting themselves with these readily available protection methods.
This is literally like leaving your front door unlocked in a high crime area.
Complacency Around Vulnerability Reporting
Companies aren't even bothering to see if they're vulnerable. Only 29% call their vulnerability reporting robust in that they report “the vulnerability, access, and exposure of organizational data on endpoints.
Going back to our front door analogy, this would be like not bothering to check if your locks were even working.
Inflexibility in Adapting Processes and Approach After a Breach
Granted, there is no such thing as 100% security – between negligent employees and cybercriminal expertise, there's always a chance your system could be hacked regardless of your best efforts. That doesn't mean you shouldn't try. After a breach, 14% did nothing while only 44% implemented new technology and 41% changed their processes.
Stagnation in the Application of Key Prevention Techniques
Fewer than half of companies had implemented these techniques. A small minority implemented all of them.
Lethargy Around Detection and Response
40% of companies improved the time to detect, respond to, and resolve security issues. 33% stayed the same and, amazingly, 26% got WORSE!
How many of these sins is your business indulging in? Your business might not go the way of the dinosaurs or the Dodo bird, but ignoring basic cybersecurity improvements can put you in the endangered species list.