What Should Small Businesses Know About Cybersecurity in 2018?

As 2017 comes to a close, cybersecurity professionals are looking at the year ahead, and predicting how the industry will change in 2018 and beyond. Inc.com’s Joseph Steinberg recently spoke with Steve Morgan, Founder and Editor-in-Chief of Cybersecurity Ventures, and released his own cybersecurity predictions for 2018 based on the firm’s research. Here are key highlights from Steinberg’s 2018 CyberSecurity Almanac:

• Cybercrime will cost the world $6-trillion annually by 2021, up from about half of that figure in 2015.
• Global spending on cybersecurity products and services will exceed $1 trillion from this year through 2021.
• There will be 3.5 million unfilled cybersecurity jobs globally by 2021, up from 1 million positions in 2014.
• Global ransomware damages will exceed $5 billion in 2017 – up 15X in just 2 years – and ransomware attacks on hospitals will quadruple by 2020.
• Spending to train employees on security awareness will exceed $10 billion annually by 2027, up from $1 billion in 2014.

“Ok, sure, these are big numbers,” you might say, “but they’re generally associated with bigger businesses and other more lucrative targets. Why would hackers come after little ol’ me?”

You asking that question is exactly why. Think about it: Let’s say you have two thieves in a kingdom. The first one dedicates all of his time and energy toward finding and getting into the King’s highly guarded and well-hidden treasure vaults, which are designed specifically to deter criminals like him and protect the King’s assets.

The other one, however, decides to spend his nights picking poorly constructed locks, creeping silently into unguarded stables, and burgling local guild-halls and taverns for whatever he can get away with.

While the first is toiling away, attempting to overcome the challenges and difficulties inherent in taking that one big score, all the while unsure of whether he’ll even get away with it in the end, that second thief is relaxing. He’s been extorting and otherwise illegally procuring lesser sums with virtually no effort and a high level of success — and he most certainly will get away with it.

Everybody is at Risk

If you feel like your business, for whatever reason, is “not at risk of a cyber-attack,” you’d fit right in with the overwhelming 87 percent of small business owners who responded similarly to a 2017 Manta poll — you’d also fit in with imaginary victims of the second thief in the above anecdote. When people and businesses truly don’t think they’ll become victims, they generally fail to adequately protect themselves and whatever assets they have. How can you mitigate a risk that you don’t believe exists in the first place?

In today’s age, it should be noted: everybody is at risk, big businesses and small alike. The only people who think otherwise are either ill-advised, uninformed, or overconfident. The harsh reality is that small businesses are prime targets for cybercriminals because they often lack the IT departments and security professionals that larger businesses can afford to employ.

What’s worse is that once targeted, small businesses lack the fiscal power and technical knowledge to handle the fallout, where enterprise-level organizations possess ample resources and are prepared to bounce back from a cyber-attack before it even happens. According to ECPI University’s blog, this is exactly why ransomware that targets small businesses is on the rise:

“Ransomware attacks on large corporations are more difficult because they have to infect large computer systems. But a small business owner who keeps crucial files on one computer, and has no cyber security software (31% of small business owners have no cyber security software of any kind) is easy to target for ransom.”

Holding Your Business Digitally Hostage

Ransomware has been around for awhile, but only recently made global headlines in May 2017 when one particular strain called WannaCry infected over 220,000 computers worldwide, according to data recovery firm Kroll OnTrack: “The WannaCry Ransomware virus, once activated, encrypts files, drives, and entire networks,” they write.

“Once the Ransomware infects the computer, a message appears on the screen telling the user that the computer and its data are unavailable and can only gain access by paying a ransom in the form of the crypto currency, Bitcoin.”

Unfortunately, because ransomware utilizes encryption, there is truly no way to recover digital files that haven’t already been backed up prior to infection. Since the vast majority of organizations, big and small, keep digital records and rely on virtual documents to conduct business, nobody should consider themselves immune to ransomware attacks or data breaches — not even the rare small business that still relies primarily on paper.

Most would likely agree that the amount of space they take up, the time and money spent filing and organizing them, and the fact that they’re not environmentally friendly are among the biggest disadvantages of relying on paper documents.

Nevertheless, some still do rely on them as part of a misguided strategy to keep data secure, when the reality is that paper documents are no more secure from data breaches than digital documents; the case of Florida-based medical clinic, Radiology Regional Center, is just one example of how paper doesn’t beat digital when it comes to security.

How Should Small Business Prepare for the Coming Years?

The first thing is to realize that you are absolutely a target, no matter how small your business is. Second, you’ll want to make sure that you have a prevention and response plan firmly in place.

Record Nations offers a fantastic guide on the subject, titled “Planning for Business Identity Theft & Data Breaches: The Guide to Prevention”, which covers creating a document management plan, scanning records, cloud storage, electronic DMS, etc. Check it out for an in-depth analysis and step-by-step guide on securing your small business.

It’s imperative to realize that it’s likely not a question of whether or not you’ll be the target of a cyber attack — chances are you will. The question is whether or not you’ll have a security plan in place, and how you’ll respond if the cyber attackers succeed. Cyber security will only become more important as time goes on. Don’t get caught with your pants down in 2018.