Over the past year, we have seen headlines about cyberattacks targeting businesses and individuals worldwide. From ransomware to data breaches, attacks increased in severity and frequency, rising 17 percent in 2021 over the prior year.
With this rapid rise, it’s no surprise that businesses are starting to feel the costs. According to a recent survey of cybersecurity professionals, the median cost of a cyberattack hitting US-based businesses jumped 80 percent year over year, from $10,000 to $18,000. Over half of all US businesses surveyed said they experienced such an attack in the last 12 months, up 7 percent yearly.
For SMBs, this rise in the potential cost they could face from an attack is particularly concerning. While a large enterprise might easily absorb the cost of such an attack, every dollar often counts for an SMB looking to stay in business and continue serving its customers.
The survey found that common entry points for security leaders indicating they had a breach in the last 12 months included 41 percent with a corporate server in the cloud and 40 percent through business email. For an SMB, this can help provide some guidance on areas of risk to pay attention to ensure they are also not vulnerable in these areas.
Additionally, ransomware remained a strong vector of attack that cost SMBs. According to independent research, ransomware attacks increased by 78 percent throughout 2021, hitting two out of every three organizations throughout the year. Many security leaders surveyed found that they had to pay to recover their data from an incident (upwards of 84 percent), adding additional unexpected costs to their recovery efforts.
The good news is that there are several things that an SMB can do to mitigate risk. The first is to ensure that basic cybersecurity hygiene principles are followed, such as leveraging strong passwords and multi-factor authentication across the organization and regularly patching known vulnerabilities. An SMB should also leverage monitoring capabilities to pinpoint any nefarious activity on its networks (the SMB’s managed service provider can also run this).
Additionally, an SMB should also educate its employees on how to mitigate risk best. This could include implementing regular cybersecurity awareness training, including pinpointing emails that could be phishing or what to do if they think they see signs of an attack. This training should be undertaken regularly as cybersecurity threats evolve daily.
Unfortunately, cybersecurity threats aren’t showing any signs of slowing down anytime soon. For that reason, it is more important than ever that an SMB takes steps to protect its organization from attack. In doing so, an SMB can ensure it can continue delivering its products or services to the customers that need them.