Cybersecurity & Cybercrime
You Don’t Have to Be Target® to Be a Target for Cybercrime
All businesses need to be concerned about the security of their sensitive information, but small and midsize businesses (SBMs), in particular, are growing targets of cybercrime. For reasons that include lack of understanding of the risk, confusion between compliance and security, and concerns about cost and efficiencies, SBMs overwhelmingly lack sufficient systems and protocols in place to secure the information entrusted to them.
With increased liabilities and more customers requesting audits from their vendors’ security systems (in which failure to comply could mean substantial losses of business for vendors), few SBMs can afford not to take action.
Learn about the risks and how Hodgson Russ’s Privacy, Data-Breach & Cybersecurity Practice can help you protect your business.
Increasing Frequency of Cybercrime Against SBMs:
- 72 percent of small-business owners rely on themselves or an employee to monitor cyber security.[i]
- 78 percent of small businesses report at least one data breach related to employee negligence or malicious behavior.[ii]
- 61 percent = The increase in targeted attacks against SMBs between 2012 and 2013.[iii]
- 83 percent of small businesses have no cyber-security plan in place.[iv]
- $200,000 = The cost of a typical small business cyberattack – enough to put many out of business.[v]
- 56 percent of employees very frequently or frequently stored sensitive data on their laptops, smartphones, tablets, and other mobile devices.[vi]
- SMBs are increasingly used for gateway access to larger targets such as multinational corporations and government contractors. [vii], [viii]
- “Ransomeware”: Currently, the most common tactic used against SBMs, it locks computers and data, and will only restore access once a fee (“ransom”) is paid.[ix]
Lack of Action to Prevent Cybercrimes Against SMBs:
- Although 94 percent of small businesses indicate concern for cybersecurity[xi], upgrades to security didn’t factor in to the top five IT priorities for SMBs in 2013.[xii]
- 41 percent of small businesses (99 or fewer employees) indicated that cybercrime was moderately or not at all important to their businesses.[xiii]
- 0 = The number of national privacy policies the federal government has adopted.[xiv]
- 10 = The number of states that implemented some privacy laws (as of October 31, 2013).[xv]
Protect Your Business, Your Customers, and Your Stakeholders
From the use of SBMs as “gateways” to access larger corporations’ financial records to hacking online systems to gain access to government agencies and contractors, the targeting of SBMs is increasing rapidly:
- An “install it and forget it” mode of operation prevails at most SBMs, making systems vulnerable.
- SMBs often overestimate the levels of cyber protection offered by the vendors – businesses, banks, and others – that they do business with.
- Most SBMs are unaware of the financial and other liabilities that they stand to incur from a breach and are unprepared for the ramifications, which can include shuttering businesses.
- Although a slim majority of cyberattacks still originate internally, most SMBs have no outside evaluation of their systems.
Hodgson Russ’s Privacy, Data-Breach & Cybersecurity Practice can help you:
- Plan a cyber-protection strategy
- Prepare for data breaches and other cybercrime incidents with data-breach “coaching”
- Defend your business’s interests when cybercrime happens
[i] National Small Business Association 2013 Small Business Technology Survey; accessed via website
[ii] The Human Factor in Data Protection; Ponemon Institute; January 12, 2012; accessed online
[iii] 2014 Internet Security Threat Report, Symantec Inc.; accessed via website
[iv] 2012 National Small Business Study, National Cyber Security Alliance and Symantec; PDF report accessed through the Federal Communications Commission website
[v] Symantec Global SMB Information Protection Survey, Jun. 2010; access via website
[vi] Is Your Business at Risk of Losing Data? 5 Data Security Risks Every Small Business Should Know About; Trend Micro TrendsLab Primer Report; accessed via website
[vii] Krebs, Brian, "Email Attack on Vendor Set Up Breach at Target," from the blog Krebs on Security, February 12, 2014; accessed via website
[viii] Smith, Gerry, “Chinese Cyberspies Are Hacking Into America’s Small Businesses, But Not For The Reasons You’d Think,” Huffington Post, September 5, 2013; accessed via website
[ix] Kavilanz, Parija, "Cybercrime’s Easiest Prey: Small Businesses;" from the website CNN Money, April 23, 2013; access here
[x] Pastore, Michael, "Think You’re Too Small to Get Hacked? Think Again,” QuinStreet Inc., 2014; accessed via HP’s Protecting Your Mid-Size Business from Today’s Security Threats, report via Hewlitt Packard website
[xi] National Small Business Association 2013 Small Business Technology Survey; accessed via website
[xii] Anderson, Robert P., VP of Research, Gartner Inc.; November 7, 2012; archived and accessed online
[xiii] National Small Business Association 2013 Small Business Technology Survey; accessed via website
[xiv] “The Threat of a Security Attack Is Real: Protect Your Business’s Sensitive Information,” Gary M. Schober, practice leader, Privacy, Data Breach & Cybersecurity Practice, Hodgson Russ LLP; July 8, 2014, published in Buffalo Law Journal
[xv] Sengupta, Somini, “No U.S. Action, So States Move on Privacy Law,” The New York Times, October 31, 2013 and as reported in “The Threat of a Security Attack is Real: Protect Your Business’s Sensitive Information,” Gary M. Schober, practice leader, Privacy, Data Breach & Cybersecurity Practice, Hodgson Russ LLP; July 8, 2014, published in Buffalo Law Journal