Small and Medium-Sized Businesses are Increasingly Targets of Cyberattacks
Cybersecurity an Essential Business Investment
Cyber attacks have grown exponentially in recent years to the point that many business owners view them as commonplace and, in some instances, unavoidable. But indifference is a dangerous attitude when it comes to cybersecurity, as is borne out in the steep increase in the number of cyberattacks in the past year.
We all remember the June 2021 cyberattack that hit JBS, the world’s largest meat processor. The ransomware attack shut down JBS operations in several countries for days and ended with JBS paying $11 million in ransom. But few people are aware of the cyber incursions and attacks that hit small and medium-sized businesses every day.
Average weekly cyberattacks in 2021 by selected industries and the percentage increase over the previous year were:
Because they are often easier targets, small and medium-sized businesses increasingly became targets of cyberattacks and cyber incursions in 2021. Nearly half of cyberattacks were targeted at small businesses last year, but only 14% of small and medium-sized businesses are equipped to defend against them.
The most common cyber incursions are email phishing scams, malware attacks, login credential theft and – in the most extreme cases – ransomware attacks.
More than half of small businesses in the U.S. reported being the target of at least one cyber incursion last year, and of those, nearly half experienced eight hours or more of down time as a result.
Cybersecurity an Essential Investment
Small and medium-sized businesses are the backbone of American businesses, constituting more than 90% of U.S. companies. Many of them believe they don’t have the resources to build the strongest defenses to protect their data and their businesses against growing cyber threats. But in 2022, cybersecurity is as essential a business investment as employee salaries or business insurance. If you don’t make the investment, your business may be hit by a cyber incursion that will halt operations.
The first step in building a strong cybersecurity program is to identify vulnerabilities in your organization’s infrastructure and put in place the right combination of technology, policies and procedures to safeguard your data and your IT systems.
A cornerstone of good cybersecurity is a Cybersecurity Risk Assessment, which will help you understand where your risk is and build a roadmap to a strong cyber defense position.
But cybersecurity is not a one-and-done proposition. Once your risk assessment is done and safeguards put in place, it’s important to build in strong ongoing support services so you can stay on track. Cybersecurity is not a static practice. New threats are emerging every day and as your business grows, new risks and vulnerabilities can become evident quickly. Ongoing support will help you track progress against benchmarks, do some effective strategic planning, discuss risk scenarios, and conduct regular vulnerability scans.
Isn’t IT Doing This?
It’s important to note cybersecurity differs from IT services. Your IT department has enough to do, and keeping up with a constantly changing cyber threat environment is a challenge. Ongoing cybersecurity services will work alongside your IT professionals to align cybersecurity resources with the technology and internal procedures you already have.
Good cybersecurity practice is no longer a matter of asking the IT department if the daily backups are OK, and to the extent that policies and procedures are a matter of “we’ve always done it this way,” change is essential. Policies and procedures need to be in writing and must be available to stakeholders such as company board members and even lenders.
Your data and systems are essential to your business. If you would like to start a discussion about how you can protect your business in today’s cyber threat environment, contact your Adams Brown advisor.