How bad is it? Will Cybersecurity get worse?

I know there are many macro statistics, which we have discussed on this site:

Describing The Cyber Neighborhood

For example, Cisco determined that by 2020 there will be 50 billion devices on the Internet, and we are well on our way to fulfilling this prediction. Bla bla bla…

Forgive me for a minute…

I don’t like to talk politics and say X did this and I don’t agree with Y (insert your politicians in X and Y). I just want to talk about it in the sense that talking politics, even sensibly with facts and such, does not change many minds.

 

I don’t know if you are a Trump supporter or not, but it is interesting to note that many of the Trump naysayers from the very beginning did not understand him (but were 100% certain they were right).

And then the election actually occurs on November 9th and he wins (again proving all the ‘experts’ were wrong), and now the exact people who did not think Trump was going to win are incredulous about the election, and are not shy about telling you how to think about the election.

 

OK, back to your regularly scheduled programming…

 

Now I would like for you to talk to someone about a subject they have preconceived notions about and tell them they are essentially WRONG. How well will that argument go?

For example: Cybersecurity will get worse next year, just like all the years before. So if you have done nothing or very little in the last year and are NOT interested in thinking about it at all, there is likely nothing I will say to change your mind.

I am not interested in changing your mind if you have no understanding and think you will not be affected next year just like this year.

 

The biggest problem with Cybersecurity is that it is very complicated, has many pitfalls and potential issues, and on top of that it ultimately ‘depends’ on how much you are defending. But the defense could fail spectacularly, to the point of going out of business, if the situation is right. Of course, the devil is in the details.

I can give you proof that this is happening:

https://blog.knowbe4.com/paychex-60-of-hacked-smbs-are-out-of-business-6-months-later

In this post on the KnowBe4 blog, Stu Sjouwerman discusses Paychex (the payroll services company); the data came from the National Cyber Security Alliance infographic.

It is worthwhile to review the information from NCSA.

According to NCSA, 70% of small businesses have been targeted.

Out of those 70% who have been targeted there are some who have experienced cyber attacks, and out of those with successful cyber attacks 60% go out of business in 6 months.

To me the numbers are staggering but it makes complete sense.

IF you do absolutely nothing with Cybersecurity and get a catastrophic attack (like Ransomware, which is very prevalent these days), AND you did not have a tested, reviewed backup which actually restored your data, you might actually have to pay the Criminals to get your data back.

In my last post (last week) I noted that IBM surveyed a number of business executives and found that 70% of the executives paid to resolve the hack.

Now let me ask you something…  If you paid once will you pay again?

What makes you think this will be easy next year? The criminals will hire young kids who code in their sleep to hack your systems to make more money (with the money you paid them).

So I made a proof positive case that small business people have to do something to solve this problem (Cybersecurity). But will it actually help?

Proving that a backup actually works is complicated and costs a lot of money and time for all of the employees (as they have to check the data). But if you do not do it, and the ransomware tech support did not set up their software correctly, you may have lost your data forever. And if you do it, nothing improves in your business, as this is not a “sales” decision.

So if x then y and then out of business.  What would happen tomorrow if you lost your data and would have to recreate it?

What would happen on the off chance that a tsunami blows down your house?  Let’s forget about whether you are near an ocean or not. Imagine a bad calamity since if I explain some Cyber cause most people would not understand.

ULTIMATELY this is a BUSINESS DECISION. (not technical)

We have to spend time and effort to test a backup. Just in case of a calamity, yes it could be a cybersecurity problem, but it also could be a physical problem.

I would like to see, in 2017, the number of SMBs that go out of business due to a Cybersecurity attack go to near zero.

We do have to talk to business leaders in their language – money. So let's watch what we say and watch from their peers and financial people, such as:

ABA The ins and outs of Cybersecurity Insurance

So maybe the businesses need more insurance, because the median claim payout is $144k and the average payout is $733k.

Median Cost per breach expense 110k, and average cost for breach response services: $366k

I won't list the legal costs, as those can always balloon.

Most interesting is that hackers were the most frequent cause of data loss, followed by employee mistakes (32%).

 

So as a business decision you should get Cyber Insurance (and I don’t sell it).

But before you get it you have to do a risk assessment. The risk assessment has to weigh the potential risks against real and maybe even unknown threats.

Look at this extortion threat to a bank:

So an insurance claim could be due to a client with intimate knowledge of your information and infrastructure that could cause serious harm to you and your reputation.

This is unfortunate but in the realm of reality these days.

I found the actual Security Survey post in NCSA:

  • A Majority of SMBs Believe Security Is Critical to Their Success and Brand: Seventy-three percent of SMBs say a safe and trusted Internet is critical to their success, and 77 percent say a strong cybersecurity and online safety posture is good for their company’s brand.
  • SMBs Unprepared to Handle Data Breach Losses: Nearly six out of 10 (59 percent) SMBs do not have a contingency plan outlining procedures for responding and reporting data breach losses.
  • Two-thirds of SMBs Aren’t Concerned About Cyber Threats: Sixty-six percent of SMBs are not concerned about cyber threats – either external or internal. External threats include a hacker or cyber-criminal stealing data while internal threats include an employee, ex-employee, or contractor/consultant stealing data.

This makes sense to me, as that is what I have experienced: essentially everyone believes Cyber Security is important, but they either do not understand the actual details of how to be safer or are not concerned at all. Which is why, when a Cyber-tsunami (Ransomware on critical data without a backup) blows you over, in 6 months the small business is out of business.

As many people say…  BOOOM!!!

 

Let me help you develop a security policy and review your risk management since the current risk management models are not working. Start your education so you understand the risks as this is not an easy subject to break down.

What exactly are the costs in a successful data breach? And what would actually happen with your business after a successful breach?

“Risk Management Failed Us” is an article I wrote quite some time ago, but it is still apt.

 

Contact Us: Tony Zafiropoulos – tonyz “@” fixvirus.com