The year is 2020 and the internet as we know it has been around for roughly 30 years. (No, we aren’t counting ARPANET) As the internet continues to expand and evolve, so do the threats. In 2019, according to ITGovernance.com, there were roughly 80 reported data breaches/cyber-attacks each month. In January 2020, we learned Microsoft fell to cyber-attacks, leaving 250 million records in their customer support eco system exposed. But what you may not have known is that there was a total of 61 reported data breaches and cyber-attacks, which exposed around 1,505,372,820 records.
Does 61 disclosed breaches in January sound like a low number? That’s because it is, last month rang in as the new 6-month low in the average number of data breaches per month. However, these are only reported data breaches and cyber-attacks. According to Varonis, cyber-attacks happen every 39 seconds—which means in a year there are approximately 809,152 cyber-attacks each year, or 67,430 attacks a month. These attacks can range from a small phishing attempt on an individual, to a large-scale breach similar to the Microsoft breach.
On the list of disclosed breaches from January the majority of the list of breaches and attacks contained a number of smaller enterprises. These organizations may have been aware of the data security threat but thought something similar to “I’ll never get hacked, I’m too small.”
This is an all too common way of thinking for small organization executives. This thinking is the complete opposite of a hackers however. Hackers target small organizations because their defenses are more likely to be easier to penetrate.
In fact a recent survey found that 60% of enterprises (of varying sizes) say they are not prepared to handle data breaches. The study discusses how roughly 73% of surveyed enterprises continue to experience unplanned downtime due to poorly managed digital certificates and PKI (public key infrastructure).
Mismanaged digital certificates aren’t the only risks to businesses though. The ones you hear about most are ransomware, malware, phishing, and denial of service attacks. However, social engineering is on the rise as more people familiarize themselves with other forms of cyber-attack and data breach styles.
The stark reality is that hackers and malicious threats aren’t going anywhere anytime soon. And while many small businesses tend to fall more into a category of reactive, rather than proactive there are steps you can take to protect an organization.
- Conduct a security audit.
- Identify weak points
- Develop a data breach prevention plan
- Increase awareness of security risks
- Create an employee security policy training
- Encrypt sensitive data
Protecting your organization from malicious threats may seem like a daunting task. But it needs to fall high on the list of business priorities. If customers are your biggest asset, protecting their data is your biggest liability.