Almost 60% of small businesses have been victims of a cyberattack in the past year; however, most them were not aware they were attacked. Nationwide conducted its third annual survey which included over 1,000 businesses with fewer than 300 employees for the study. 58% of participating companies were victims of a cyberattack. The types of attacks ranged from phishing scams to ransomware. Companies who are targeted tend to have fewer cyberdefense systems, lower budget for threat protection and less name recognition. The most common forms of attack were computer viruses (36%), phishing attacks (29%) and Trojan horses (13%). Many of these companies were not prepared for any type of cyberattack. Around 58% of the firms do not have a dedicated team or vendor to monitor for cyberattacks. 76% did not have a plan action for when an attack takes place, 57% did not have plan for protecting employee data and 54% did not have a plan for protecting customer/client data. Recovery was slow and expensive for these companies. Around 20% of the companies spent about $50,000 and recovery took over six months. Additionally, 7% spent over $100,000 and recovery took over a year.
https://www.technewsworld.com/story/84865.html
Really interesting article. I think this is a real problem and we are going to be seeing it more and more moving forward. I think it comes form they simply do now have the money to properly keep up with cost of cyber security.
Elizabeth – Your response to Cyber-attacks on SMEs is quite interesting to read. I have to agree that SMEs definitely face a lot of challenges because of lack of resources, poor understanding of cyber security threats, and lack of capital to invest in such measures. One interesting aspect that I found in your response is the fact that the recovery is slow and expensive. This is an important point that you made because if recovery is costly, then it puts SMEs again into problems because they cannot afford enough to implement anti-malware solutions quickly. This not only affects their capital expenditure, but also the operations on the whole.
Elizabeth,
Sharing this type of articles is very important to educate people and small companies to think more about creating their own IT security departments that would be in charge of educating employees and protecting their IT infrastructures. I believe these types of articles give a strong sign to these small companies to think seriously about security by hiring more IT people and define a good budget to run these security departments. These companies don’t really work hard enough to secure there IT departments, especially if they are small.
For an extreme example, an usual startup company, what is priority for them? Growing up their business, they must put resource on their priority. Data presented above only make statistical sense. There are countless small business. What makes them think they will be attacked? For bad guys, how come do they find out those nameless company? Do you think someone outside of company or someone inside of company has higher possibility find out the weakness of company?