If cybercrime were a nation, it would be the third largest economy, after the United States and China. It costs businesses $6 trillion annually, and it affects businesses of all sizes and scales, from the largest shipping companies in the world right down to the smallest of businesses.
In fact, nearly half of all cyber attacks target small businesses, which often assume that they have neither the prominence nor the assets to be worth the effort. The flipside to that coin, as far as the cyber criminals are concerned, is that smaller businesses are easier to target, and doing so becomes a “run-rate” business for them.
The other thing cyber criminals count on, and it is disproportionately true of smaller and mid-sized businesses, is that not only is the IT environment less secure, but the employees are also easier to target. Research from IBM shows that human error is a contributing factor to 95 per cent of all cyber security breaches. In other words, the best cyber security defence – and one that’s accessible to businesses of all sizes – is simply training staff to be better aware of the cyber security risks out there.
On Developing a Culture of Cyber Security
Successfully driving a culture of cyber security within the enterprise cannot be a passive process. The business leaders need to develop an active and ongoing awareness within the organisation, and at every level. This is one of those areas where the entire IT environment is only as strong as its weakest link.
Some of the key strategic considerations include:
- Have absolute clarity around IT security policies and processes: you should be actively explaining to your people why strong passwords and two-factor authentication are important, and why they shouldn’t be using the likes of Dropbox to share files. Understanding why these policies are in place will not only prevent frustration towards “overbearing” IT security, but also help users understand the risks of circumventing them.
- Regularly test employees: Rather than simply providing employees with resources on what to look out for with cyber threats, you should also regularly test them. A number of software solutions provide simulations of common cyber attacks, and will provide feedback on where the risks are within the organisation. This allows you to create a targeted approach towards cyber security awareness.
- Pay particular attention to BYOD: Most enterprises – especially smaller companies – do allow some form of BYOD, whether that be just the mobile phone, or the entire laptop. Be sure that you’re able to apply the same policies to these devices – including patch management and remote use policies – and that the employees are comfortable with this.
Finally, it’s important to have a solution in case human error does lead to a successful cyber attack. Having an effective backup solution means keeping the backup off-site, separated from the network, and regularly checked. That way, if malware should infect the network, it can be addressed simply by taking the network offline and running the restore. However, this also needs to be properly managed, as a staggering 37 per cent of backups fail when needed.