It seems that there’s no such thing as “too big to fail” these days. Yahoo! last year revealed that around 500 million accounts were compromised as part of a security breach in 2014 (and later revealed that nearly a billion accounts were breached in 2013) – and it only disclosed this towards the end of 2016.
Earlier in 2016, Dropbox also announced that the 2012 breach the cloud storage service suffered was worse than reported, urging users to change passwords that haven’t been updated since.
Security firms also noted increases in the number and size of distributed denial-of-service (DDoS) attacks last year.
Security blog site KrebsOnSecurity.com recently suffered a massive DDoS attack at 665 Gbps – already more than five times the size of the then-record 120 Gbps hit on Spamhaus in 2013.
With such attacks becoming commonplace, it’s really time organisations consider security as part of their business strategy. Users are becoming more conscious of how poor security can expose their personal and financial information, and companies stand to lose if security is taken lightly.
Attack risks are rising
It’s not just big tech firms that are getting hit. Over the past years, companies across industries like healthcare, tech, entertainment, and retail all suffered attacks. DDoS, stolen records and ransomware are some of the more popular types of attacks.
These are expected to continue, and what’s scary is that there is speculation that these security attacks might be state-sponsored, with the intent of stealing classified information.
Some security analysts even believe that there are entities looking to bring down the Internet infrastructure.
These attacks are also getting costlier, with data becoming the lifeblood of today’s enterprises. According to an IBM and Ponemon Institute study, each leaked record costs $158 – up compared to previous years. Publicly traded companies could also see their stocks drop after news of leaked data.
Companies with poor security histories are likely to pay the price when it comes to an acquisition, as with Yahoo!’s sale. Its new owner, Verizon, isn’t pleased at the length of time it took Yahoo! to disclose the breach.
If there’s one thing we can learn from the fallout of security breaches like that of Ashley Madison, it’s that attacks can even spell the demise of a whole company, stemming from class action suits, loss of trust and even customer pilferage by competitors.
Why even startups and SMEs should take action
Most startups and SMEs think that only big companies are exposed to such threats. With how connected businesses are today, it’s hard to imagine any part of the business that doesn’t rely on the Internet.
SMEs are even more likely targets since many aren’t keen on investing in security systems.
Loss from attacks can come from multiple sources – downtime, IT recovery, lost customers, damaged reputation, and employee productivity – any one of which can seriously hurt a small business’ bottom line. Network downtime for SMBs is estimated to cost at least $20,000 an hour.
Many organisations are now appointing chief information security officers (CISO) to spearhead data security efforts.
However, smaller firms often face staffing issues, with people assigned to multiple functions. A very specialised function such as IT security might be a challenge to absorb internally, but someone has to step up.
What can be done?
Measures definitely need to be taken to address these risks. Organisations should have a thorough review of how much they rely on IT, and therefore be able to plan for the impact of downtime and prioritise those functions for protection.
For example, a small office that only uses computers for office productivity can put focus on malware and email protection, while e-commerce ventures that serve customers online might be looking at heftier investments in encryption, intrusion safeguards, and DDoS prevention.
A digital startup looking to gain traction for its product should also ensure better safeguards against data theft and malware attacks by deploying cloud-based web application firewalls.
Meanwhile, SMEs focusing on content delivery might do well with a CDN that already bundles in a firewall and anti-DDoS safeguard in one package.
Organisations should also take steps to educate and train staff, in order to minimise risks that come from social engineering or weak authentication. It is common for IT downtime to occur because a careless employee clicked a link on some shady website or plugged a rogue thumb drive into a secure network.
The sooner the better
Most victims only apply prevention measures after they’ve suffered attacks. Solutions created specifically for smaller organisations and cloud-based services have made protection from these attacks easier to implement.
For SMEs, the value of investing in security outweighs the potential costs of suffering downtime and a security breach. The risks of security breaches are real and there’s no better time to act on securing IT than the present.