Published on October 9th, 2019 📆 | 8561 Views ⚑0
66% Small, Medium Businesses Hit With Cyberattack in Past Year
October 09, 2019 – Two recent reports shed light on the threat landscape facing small- to medium-sized businesses (SMBs): Kaspersky found that half of SMBs are struggling to detect incidents, while the Ponemon Institute-Keeper report showed 66 percent of those organizations have experienced a breach within the last 12 months.
The Kaspersky Global Corporate IT Security Risks Survey is based on interviews with 4,958 IT business decision makers from 23 countries and across all sectors, including healthcare. The researchers found that the cost of data breaches has steadily increased in recent years, while cyberattacks continue to pummel all sectors.
“Given that businesses are still proving to be vulnerable to cyberattacks, it’s clear that more needs to be done so they adapt to a fast-moving and ever-increasing threat landscape,” researchers wrote. As they strive to achieve this, we can see that businesses are continuing to invest in their IT security and systems.”
“It’s clear that organizations need to bolster their businesses to mitigate long-term risks and protect from anticipated attacks in the future,” they added.
However, researchers found that 38 percent of these leaders said they lack sufficient insight into the threats facing their business. Just 55 percent were completely confident their network had not been hacked in the last year.
And just one-in-ten (12 percent) of these organizations are concerned about a malware infection, despite it being one of the most expensive security incidents at $2.7 million.
“SMBs too are ignoring their most expensive forms of attack,” researchers explained. “The costliest type of data breach for smaller businesses are incidents affecting IT infrastructure hosted by a third party, adding up to $162k.”
“However, SMBs only ranked this as the fifth most important measure, and instead are most concerned about data protection issues, such as the loss of a physical device, or data loss though a targeted attack,” they continued.
According to the report, these organizations are investing in people more than its systems. However, the maturity of IT systems can reduce the financial impact of a data breach. In larger organizations, the costs drop from $1.4 million to $675,000 with a designated internal security operations center.
For SMBs, the designated internal SOC can reduce the cost of a breach from $129,000 to $106,000, overall. The researchers noted that while the reduction does not appear significant, the costs are reduced by 22 percent or more, as many SMBs use an external team for the SOC function.
The Ponemon Institute-Keeper report showed slightly higher recovery costs. In the aftermath of a cyberattack, the report showed SMBs spend an average of $1.2 million – up from $1.03 million in 2017. Disruption of normal operations cost an average of $1.9 million, an increased from $1.21 million in 2017.
SMBs suffer most from phishing and web-based cyberattacks: 72 percent of respondents said they’ve experienced at least one cyberattack. Phishing and social engineering attempts are the biggest threat actor (53 percent), while other respondents pointed to other web-based attacks (50 percent) or general malware (39 percent).
The report also found the cyber threats against SMBs are becoming more targeted. About 60 percent of respondents said the attacks seen against their organization are severe and sophisticated.
Notably, 56 percent of respondents said the laptop is the most vulnerable endpoint or entry point to a network, and the same number named mobile devices as the most vulnerable endpoint. IoT devices were ranked as the third-most vulnerable endpoint at 45 percent of respondents.
“More mobile devices will be used to access business-critical applications and IT infrastructure,” researchers explained. “Companies represented in this research have 120 business-critical applications and an average of 48 percent of these business-critical applications are accessed from mobile devices such as smartphones and tablets. This is an increase from 45 percent in last year’s research.”
More than half of respondents said these devices diminish their organization’s security posture.
But despite an increase in attacks and recovery costs, the Keeper report showed the time to respond to a cyberattack has not improved with just 26 percent of SMBs decreasing response time. And for 39 percent the recovery time has increased or significantly increased.
“SMBs are also at risk because most of them (70 percent of respondents) do not have a comprehensive inventory of all third parties with whom they share sensitive and confidential information,” researchers wrote. “Without this information, they are unable to conduct assessments to ensure their third parties are taking steps to safeguard their sensitive and confidential information.”