Ran across this Oct. 2016 article over the weekend.
The U.S’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.
60% of small companies that suffer a cyber attack are out of business within six months. – The Denver Post
It coincides with other articles and reports that I've been reading over the last couple of months that hackers are targeting small businesses more than ever because they are easy targets.
From my own observations, the average small business has the attitude that they have nothing a hacker would want, so it's not important enough to worry about.
This line of thinking is flawed because of:
1. Lack of education about who hackers are. Most think they're all state-sponsored organized groups who create elaborate programs to force their way into a network with DDoS attacks, and only go after big targets. That is not true. Most hackers are small-time individuals who have learned how to use basic software to make your life a living hell to make some money. Most exploitation software is open source and free to download. You just need to learn how to use it... which anyone can do on YouTube.
Anyone within reach of your wifi can hack you. But most attacks happen because people unwittingly let them in via phishing, spear phishing or other social engineering tricks.
2. No understanding about what is valuable.
I talked to one of my clients about their security last week. They're developing proprietary software and hardware for virtual reality. They assured me that all of their designs and proprietary info are properly secured. Awesome. I asked, what about their employee records, contact lists and information, investor info and accounting?
They asked why would anyone be interested in that?
A few weeks ago it was reported that a small business in Cincinnati, a medical office, was hacked. You know how they discovered it? Employees started filing their taxes and getting denial letters stating that their taxes had already been filed and paid out.
http://ift.tt/2nTSkCR
Small businesses are easy targets because most have no security, aren't concerned about it, and a decent hacker can make a good score just by stealing the info of 10 people, and 10 people they know and so on.
Bottom line, if you're in business and use computers to run that business, it's not just about your personal security; you have an obligation to everyone whose information you have on your system, including clients and employees.
I know it feels like I'm always sounding this alarm, but small businesses are now the majority of reported hacks to an estimated tune of 4k attacks a day. It's a blood bath out there and hackers are picking people off left and right. Do you think ANY law enforcement agency has the manpower to investigate 4k hacks a day? Even if they did, they can't catch every perpetrator in countries from all over the world.
It's going to be up to you to learn, and protect yourself. The government or Google is not coming to the rescue with an easy button to solve this.
Is anyone concerned? Has anyone started learning more about protecting themselves?
Just curious where everyone is on this, and why they think it is or isn't that important?