Cyber-security should now be a major concern for businesses. We’ve seen the fallout from data breaches at Facebook, Sony, Yahoo and more, leaving the general public uneasy when it comes to the protection of their personal data. What we haven’t seen is companies adopting an attitude of urgency towards security implementation. It appears cyber-security falls under the category of “It’s never happened to us, so why should we care?”. But when 43% of all businesses suffered a cyber-breach in 2018 (1), it’s clear those attitudes need to change.
It is fair to assume that most companies do not prioritise cyber-security. After all, cyber-threats are not something you can physically see, nor is security regularly assigned as a critical business target. It’s a case of out of sight, out of mind.
In order to change attitudes towards cyber-security, we must first understand them. To do this, we wanted to tackle the issues head on and address some of the most common misapprehensions.
“We can’t justify spending money on IT security”
Unsurprisingly, at the top of the list is the perception that your company can’t justify spending money on IT security. I don’t believe this issue originates from an unwillingness to try to secure the funding, but rather from a lack of the knowledge of the subject needed to do so. How are you meant to justify spending money on something that doesn’t produce any return?
The value of cyber-security is not seen in its returns, but in its ability to prevent loss. That includes loss from a financial, operational and reputational standpoint. Costs following a cyber-attack vary widely, with small businesses estimating around £27,500 of direct costs such as ransoms paid, before further indirect costs such as downtime and operational damage. Just remember, the cost of implementing cyber-security services is much less than the cost of experiencing and recovering from a cyber-attack.
“Why would cyber-criminals target us when there are bigger fish out there?”
Cyber-criminals are commonly depicted as black-hoodie-wearing vigilantes, out to gain a reputation for themselves in a digital criminal underworld by targeting large government organisations and wreaking havoc. Although I fully accept that those types of cyber-criminals exist, it is much more common to find those that are in it to make money, rather than for some socio-political cause. To make money, cyber-criminals will use any means possible, whether that is selling your harvested credentials on the Dark Web, tricking your employees into paying fake invoices or infecting your network with ransomware.
What this means is that cyber-criminals are not only out to target large businesses, but also businesses that are easily susceptible to an attack. That makes businesses without a security platform in place, usually small to medium businesses, particularly vulnerable.
“We don’t understand the services that are being deployed, so how do we know they’re going to work?”
Security services usually take the form of multiple software platforms, policy changes, hardware installations and configurations, so there is a lot to take on board when trying to understand the solution that you are looking to purchase. However, reading this blog and engaging with our team is a great starting point. If you’re willing to take the time to try to understand cyber-security, you’re halfway there.
Ultimately, unless you are incredibly brave and decide to implement and manage security solutions independently, it is the responsibility of your Managed Security Service Provider (MSSP) to thoroughly explain the information and help you digest it. After all, that is what you’ll be paying them for. So, make sure you choose the right business and the right partnership to suit your business needs.
We have just covered three extremely common misapprehensions about cyber-security that highlight the attitudes of some SMEs today. It’s clear that attitudes surrounding cyber-security and its integration need to change, not just for businesses themselves, but for the general public too. Unfortunately, cyber-attacks don’t look as though they’re slowing down; if anything, they’re on the rise. If you’re not already protected, it’s time you seriously considered the implications of suffering a cyber-attack and got in touch with an MSSP that can facilitate your requirements.
Maurice Duro – Cyber Security Analyst