It’s no secret that cyber threats are advancing at an alarming rate. Whether it’s through social engineering, malware, zero-day attacks, or DDoS attacks, every organization – no matter their size or industry – is at risk. While enterprise-level organizations are more likely to have the resources needed to mitigate these advancing threats, small businesses and startups alike must recognize that they are equally as likely to face a data breach or security incident.
Who’s At-Risk for Cyber Attacks?
No matter which industry you’re in, there’s sensitive assets to be stolen. Protected health information, payment card data, Social Security Numbers, dates of birth, phone numbers, email addresses, confirmation numbers, travel reward numbers – malicious hackers want it all, and they won’t discriminate based on what industry you’re in or the size of your company. But because we often see data breaches of enterprise-level organizations in headlines, it can be easy to think that small and medium size businesses aren’t targets for cyberattacks. This couldn’t be further from the truth, though. In fact, according to the Ponemon Institute’s 2018 State of Cybersecurity in Small & Medium Size Businesses report, 61% of small and medium businesses experienced a cyber attack in the past year.
Are Cyber Threats the Same for All Businesses?
While the assets that startups and small businesses hold can be significantly different than enterprise-level businesses, many of the cyber threats remain the same. For example, whether a company has five employees or 500, the threat of an employee causing a data breach is still one of the top concerns businesses have to mitigate. Similarly, things like weak passwords, ineffective mobile device policies, vulnerable POS systems, and misunderstanding cybersecurity threats can cause all types of businesses to fall victim to a data breach or security incident. A startup and a Fortune 500 company could both have the most robust information security programs in the world, but if just one of their employees falls for a phishing scam, ransomware could compromise the entire organization. To put it simply: no organization is truly safe from cyber threats.
In 2013, the Target data breach impacted 40 million customers because malicious hackers were able to compromise their POS system with malware by stealing credentials from a third-party vendor. This exposed payment card data and later caused Target to pay a $18.5 million settlement. It’s easy to see why one of the largest retailers in America would be targeted by malicious hackers, but smaller retailers are just as vulnerable. In fact, considering that many small businesses utilize third-party vendors, the risk of experiencing a data breach or security incident significantly increases. The Ponemon Institute reports that in 2018, 43% of data breaches were caused by third-party mistakes and 37% were caused by external, malicious hackers. Like many other enterprises, Target was able to recover from their data breach because they had the resources to do so; many small businesses would likely not be as fortunate, which is why it’s imperative to recognize that you’re a target for cyber attacks no matter the size of your business.
When it comes to thinking about cybersecurity and the steps your organization needs to take to stay protected against the threat landscape, you need to consider the sensitive assets you hold that malicious hackers are after, not the size of your company. Are you sure you’re doing everything you can to stay secure? At KirkpatrickPrice, we’re here to help to help you regardless of the size of your company. Contact us today to speak to one of our Information Security Specialists to learn how KirkpatrickPrice can partner with you to strengthen your security posture and help you prepare against cyber threats.