Psst… Hey… I’m not here to scare you. I’m really not the fearmongering type… but I have to be frank with you… bad things are coming.
If it hasn’t happened already, then at some point soon, your business is going to have a run-in with ransomware, malware, or some other ‘-ware’ that’s making the rounds. As much as you (and other business owners) would like to think otherwise, it’s not an “if” anymore, but a “when”… and how insignificant, or devastating the experience will depend on how prepared you are.
So, first question: What kind of ‘victim-to-be’ are you?
In the no-so-distant past, all we needed to do was have a good anti-virus program on your computer/server, and a decent firewall in place, and you were good to go! Now, traditional ‘havoc causing’ viruses have fallen to the wayside, making way for more dynamic, destructive, and costly ‘Malware’ capable of doing far more damage to a business than just erasing data, or causing network issues… holding critical business systems hostage, threatening to expose sensitive data, or encrypting the data, and charging ransom to release it.
A few weeks ago, I met with the president of a major property development company. We discussed his network and, despite my strong urging to secure his environment, he remained adamant that they didn’t need to invest the time and money, repeating the reason I’ve heard multiple times before… “We’re not big… why would hackers target us? We build buildings!”. My response was automatic and immediate…
“How do you think hackers pick who to target?”
The answer to this question is pretty simple… They don’t.
Hackers very rarely have a specific target, especially if there’s a profit motive involved. The vast majority of cyber-attacks affect businesses with LESS than 50 employees… not because they’re high-value targets, but because they’re low-hanging fruit… they’re EASY. Ironically, Small to Medium business owners run a higher risk of being a victim BECAUSE think they’re not targets.
– are less likely to have the skills in-house to prepare for, or recover from a ransomware attack
– are more likely to pay a ransom because it usually costs LESS than hiring a specialist to fix it
– are less likely to have security policies in place to detect/prevent newly discovered exploits
To put this in context; which do you think is a more appealing target for burglars… the corporate office with a security guard, cameras, alarms and a security budget… or a block of houses where some folks may have forgotten to lock their doors and windows? The corporate office may have a bigger potential payout but a higher risk of failure, or being caught… but the neighbourhood houses offer ease of access, greater opportunities to succeed, and a far lower risk of getting caught.
So, how do hackers go about finding potential victims? Their process is pretty simple… It all starts with an ‘exploit’.
An exploit is a hole, a flaw or undetected vulnerability in a device or software on your network that enables hackers to get past your current security.
Like the burglars going door-to-door… Hackers create tools to ‘scan’ the Internet to find computers/networks that may have this unpatched vulnerability. It scans broad ranges of IP addresses, one at a time, checking to see if the flaw/hole exists. With over 4 Billion IP addresses available on the internet, the odds are in their favour that they’ll find someone who hasn’t locked their door…
…and nothing good EVER happens to those unfortunate enough to be discovered.
If the hackers ARE successful, the aftermath can be FAR worse:
What would the cost to your business be if any of the following were lost or stolen?
Now, should the business survive all this (more than HALF of small businesses close their doors within 6 months of a major incident) then they STILL need to invest in a security solution that they should have had to begin with… often times paying 2x or 3x what the initial investment would have been.
Home Alarm companies will tell you, the customer that pays the most for their alarm systems are typically the ones whose homes were broken into the week before.
Stay tuned for the second part of this article where we will talk about the solutions, meanwhile, take advantage of our Free Cybersecurity Assessment and let our cybersecurity experts evaluate your risk level.