Renewed Focus on Cybersecurity Coming in 2017
Small businesses represent low-hanging fruit for hackers. Here’s what could cost your business in the coming year.
Credit: ShutterstockAlthough it is the large data breaches and other cybersecurity incidents that grab the headlines, small business has long been a low-lying fruit for hackers. While the volume of information available may not equal that of a global corporation or government agency, what hackers can grab from small businesses is equally valuable and easier to grab. The reasons are simple: lack of resources to implement strong security, employees who don't have security awareness training, and an IT team inexperienced with security protections, if there is an in-house IT team at all.
The risks to small businesses were emphasized in Symantec's 2016 Internet Security Threat Report. In addition, a study sponsored by password manager Keeper Security and conducted by the Ponemon Institute titled, "2016 State of Cybersecurity in Small and Medium-Sized Businesses," found that 55 percent of SMBs have experienced a cyberattack in the past 12 months. For this reason, Darren Guccione, CEO at Keeper Security, predicted we will see an increase in security incidents targeting small businesses in 2017, and it would have a damaging effect.
"According to the U.S. National Cyber Security Alliance, 60 percent of small companies were unable to sustain their businesses more than six months following a cyberattack," said Guccione. "A cyberattack costs a company $4 million, on average. With 71 percent of all cyberattacks targeting small businesses with fewer than 100 employees, it's imperative that SMBs strengthen their defenses or risk going out of business."
This is just one of the cybersecurity-related scenarios security experts predict will impact small businesses in 2017. Here are four more predictions:
Small businesses will become a bigger consumer of cybersecurity solutions
Security experts at Deep Instinct, a company that applies deep learning to cybersecurity, believe that 2017 will be the year small businesses will become major consumers of security tools to protect their company assets and customer data.
"Cybersecurity has become a critical concern for businesses and organizations at every level," said Guy Caspi, CEO of Deep Instinct. "The scale of security spending by small businesses will increase due to the growth in frequency and scale cyber-attack, as well as the risk of facing grave financial and reputational losses in the wake of a cyber-attack, they added. Also, the move of into cloud applications, as well as the increase in mobile devices and the Internet of Things (IoT) in the workplace, will require investing in cybersecurity solutions to protect these domains."
Advances in multi-factor identification will be available to small businesses
Gone will be the days of using one-time passwords to perform basic transactions, said Grant Sainsbury, SVP of strategic services with Dimension Data Americas, a data analytics company, and instead expect to see the emergence and use of very dynamic ways to authenticate identities. "For small businesses, multi-factor authentication technologies are becoming more accessible and cost-effective, and easier to implement. The tools combat any poor user password practices (weak and/or reused passwords, etc.) by requiring multiple, unique identification factors, and help companies protect important information assets and prevent breaches," said Sainsbury.
Internet of Things will add new security vulnerabilities
Small businesses should definitely be concerned with the use of IoT devices within in their organizations, as they are the most likely types of companies that would use these consumer-grade devices for business purposes, according to Nathan Wenzler, principal security architect at AsTech Consulting, a San Francisco-based security consulting company.
"Many IoT devices may offer some of the high-end functionality of other enterprise-grade products, but at a fraction of the cost. However, these devices are simply not as secure, or even capable of being secured, as a more robust product." It's why Wenzler predicted that IoT could present new security vulnerabilities for unsuspecting small businesses.
"Small companies who are entertaining the idea of utilizing IoT devices should be sure to do as much research about the product as possible," Wenzler advised. "What operating system is it running on (some are designed with more security features than others)? Does it support any security measures like user authentication or encrypting its traffic? Can it be easily monitored from a central interface? And of course, does the initial cost savings outweigh the potential for that IoT device to be used to hack your network and cause a data breach or other outage?"
The security skills gap will have an effect on small businesses
Reuven Harrison CTO and Co-Founder at Tufin, a security policy management company, expects the security skills gap we already face will widen because threats come from multiple security vectors, and this will require new skills for already over-taxed security professionals. This will have a trickle-down effect on small businesses who rely on third-parties to advise them on security matters.
"Small businesses already struggling with security will need to learn how to do more with less," said Harrison. "This means employing the right tools at the right time – and there's no better time than the new year. Network security change automation solutions can help increase business productivity, agility and overall policy compliance. Changes to a network can be assessed and implemented automatically and in accordance with the company's security policy, providing enhanced business agility, as well as a robust security posture. Tools that enable continuous compliance while supporting businesses to implement accurate changes in minutes versus days can help small businesses struggling to keep up."
What all of these predictions have in common is the expectation that small businesses will put a greater emphasis on cybersecurity by adopting new tools and systems and recognizing where potential security weaknesses are hidden.
"While the majority of corporate leaders understand the importance of investing in a range of solutions to combat against the rise of cyber threats ranging from ransomware to advanced persistent threats," said Caspi, "more and more small businesses are realizing that size doesn't matter when it comes to cyberattacks." It's why 2017 could be the year that small business fights back against security threats and take actions to become more vigilant.