03 Jan 2017 Cybersecurity Threats: Are you Ready?
Stories of high profile cyberattacks were plentiful in 2016. Experts predict those threats will grow in 2017. While we may hear more in the news about the big targets and massive breaches, small and medium-sized businesses remain the victims of most attacks and the least likely to recover. In 2017, small firms should resolve to bolster their defenses and prepare a response plan in the event of a breach.
As we reflect back on the cyber-history of 2016, we may recall the attacks on the Democratic National Committee that resulted in the exposure of sensitive information, the Distributed Denial of Service attack that disrupted the internet, or revelations by Yahoo of breaches that compromised over a billion user accounts. These high profile cybercrimes may give small companies the impression that they are too insignificant to be the target of such ambitious cybercriminals. In truth, an estimated 62 percent of cyberattacks are targeted at small and medium-sized businesses.
The trends in 2016 reveal a growing cyberthreat. The explosion of ransomware (where a victim’s data is held hostage until a ransom is paid) provides an example of how new threats evolve. A recent analysis by IBM estimates a 6000% increase in the volume of spam emails with the ransomware form of malware last year. There were some 4000 ransomware attacks daily and an estimated 40% of spam emails contained ransomware in 2016. Ransomware has proven lucrative to cybercriminals who made $1 billion using this tactic so we can expect them to continue to use and refine it in 2017.
In addition to an evolving ransomware threat, experts predict more attacks via the Internet of Things and the cloud in 2017. While disruption may be the goal of some hacks, in the case of business targets the motive is more likely monetary gain. While the cybercriminals seek financial reward from selling data, business victims are paying a big price. One thousand data breaches in the U.S. in 2016 exposed an estimated 35 million personal records, at an average cost to business of $221 per compromised record. An average data breach costs a business $7 million, and for small companies it’s about $5 million, according to a Ponemon/IBM study. Phishing grew rapidly in 2016 and remains the entry point for many hackers. According to PhishMe, nine in ten cyberattacks begin when a user clicks a phishing email link. The cost of an average spear phishing attack is $1.6 million.
The contributors to cybersecurity risk are not new. The Information Systems Security Association and Enterprise Strategy Group conducted a recent survey that pointed to: 1) a lack of employee training, 2) low priority among business and executive management, and 3) a lack of cybersecurity personnel as the most likely culprits.
As part of a company’s annual IT assessment and planning, businesses should review and update their cybersecurity protocols. In 2017, small and medium-sized businesses should resolve to make cybersecurity a priority. Our free ebook will help your business identify the risks and bolster your defenses.