Cyberattacks are reported in the news on a nearly daily basis, but despite these stories, many small business owners don’t consider malware to be a significant threat. That’s a mistake. The reason is that cyber criminals are sophisticated and find new ways to penetrate security measures all the time. As a result, a growing number of entities, from small companies to the federal government, are at risk of losing data, money and their reputation. The incredible scope of these threats should serve as a call to action for small businesses to implement effective cyber security systems and protect their livelihood.
Small business malware risks
At a hearing before the Senate Small Business Committee in Washington, D.C., Daniel Castro, the vice president of the Information Technology & Innovation Foundation, a government think tank, testified that, “[Cyberattacks] represent an existential threat to some small businesses as firms could go bankrupt from the costs [of] responding to a cyberattack, or from the lost revenue and costumers resulting from a business disruption.”
According to a study by the Ponemon Institute, the number of cyberattacks against small business is on the rise. Of the study participants, 61 percent reported cyberattacks in 2017, compared to 55 percent in 2016, and this upward trend is only expected to continue.
The cost impact of these attacks also increased, from $955,429 in 2016 to $1,207,965 in 2017, and this reflects only the cost for disruption of business operations. Few small businesses have the resources to survive this level of financial loss, which is why it is so important to take these threats seriously.
Big business cyber attacks
Large business are also at high risk of being victims of malware, ransomware or other cyberattacks. According to a nationwide survey conducted by the Hartford Steam Boiler Inspection and Insurance Co., 53 percent of the businesses studied had experienced at least one cyberattack in the previous 12 months. As a result of the attacks, 60 percent of those companies lost data and 55 percent experienced a significant business disruption.
According to the 2018 IBM X-Force Threat Intelligence Index, which assesses cyber-security threats, the five industries most targeted for cyberattacks are:
- Financial services
- Information and communications technology
- Professional services
The report also described how a single data breach in 2017 cost businesses affected an average of $3.7 million. The report’s authors expected that the total cost of cybercrime would reach $2 trillion by 2019.
State capitals experience a high rate of malware incidents
Cybersecurity threats are not limited to the private sector. Several state capitals, such as Atlanta, Georgia, have spent millions of dollars recovering from cyberattacks against their municipal government systems. According to a comprehensive study conducted by EnigmaSoft, this situation isn’t a surprise. The study found that personal computers in America’s state capitals had, on average, 224 percent more malware infections compared to municipalties in the rest of their home state.
Washington, D.C., has been particularly targeted: Its infection rate is 504 percent higher than the national city average. The top three state capitals with a high infection rate are Atlanta (992 percent higher), Albany (970 percent higher) and Salt Lake City (772 percent higher).
These infections have the potential to impact infrastructures and services, from tax and waste collection to transportation and health care. As has happened in Atlanta, everyone from citizens to businesses large and small can be negatively impacted.
Local governments are also at risk
Cities, towns and counties nationwide are also experiencing security breaches and few have the resources to protect themselves. The Cybersecurity 2016 Survey conducted by the International City/County Management Association found that nearly 30 percent of respondents reported having experienced hourly cyberattacks. Some 20 said they experienced daily attacks and almost 25 percent attacks on a regular basis, though not daily. The actual numbers are likely even higher, since almost 30 percent of respondents admitted that they didn’t track this information.
Most local governments can’t identify the perpetrators behind the attacks, and few have the resources to effectively present or respond to these situations, according to survey results. The cost of security services, the vast number of IT networks and systems and the lack of end-user training are just some of the reasons that have been cited for poor cyber protection.
The U.S. government and cyber security
At the federal level, cybersecurity falls primarily under the purview of the Department of Homeland Security, which is tasked with protecting both the government and its citizens from cybercrime. In May 2018, the office of Management and Budget released the Federal Cybersecurity Risk Determination Report and Action Plan, which detailed the challenges that homeland security faces. The study determined that 71 of the 96 agencies that participated in the project were at some risk or high risk of a cyberattack.
Overall, there were 30,899 cyber incidents in 2016, and 38 percent resulted in a compromise of information or system functionality. The study did not address the cost of addressing these situations, though a breach of the Free Application for Federal Student Aid (FAFSA) tool resulted in over $30 million in fraudulent tax returns.
Cybercrime is impacting everyone, from small business to big government, and the threats grow each day. While the statistics are daunting, there are ways to protect your company. You need to start today.