Ransomware Is A Threat To Your Business – Why Aren’t You Defending Against It?
Is your head in the sand when it comes to cybersecurity?
Given how often major ransomware attacks and data breaches are in the news, it’s a certainty that you’re aware of cybercrime. But knowing is only half the battle – have you taken steps to protect your organization?
According to a recent survey of corporate technology officers conducted by the Wall Street Journal, you’re probably not prepared to defend against the threats you know are out there. In fact, nearly 80% of respondents named ransomware as a key risk, but just under 70% felt prepared to deal with it.
“Even today, after so many documented cyber incidents, some businesses lag behind in their preparation or, worse, they react in knee-jerk ways to today’s incident with no vision or strategy to address tomorrow’s,” says Alan Levine, chairman of the advisory board for Carnegie Mellon University’s chief information security officer program, in the Wall Street Journal.
Levine calls these companies “ostrich” organizations – they have their head in the sand when it comes to cybersecurity. Do you?
Is Your Business, And Industry As A Whole, At Risk?
The survey’s results help to specify the number of industries that are particularly vulnerable to cybercrime attacks:
- Manufacturing: Only a third of manufacturers surveyed stated they have any type of cybersecurity program in place.
- Retail: Businesses in the retail space also lacked cybersecurity programs by a wide margin, and are unlikely to feel confident in their ability to defend themselves against ransomware attacks.
- Government: These organizations were also found to be highly vulnerable to ransomware, and came in well below average in offering cybersecurity training to their executives.
Size Doesn’t Matter When It Comes To Cybercrime
There’s a fundamental problem with cybercrime new coverage – do you know what it is? It’s really a core issue with news in general, that the bigger the news is the higher the profile it gets.
That’s why the cybercrime stories you’ll hear about usually involving fortune 500, massive enterprises:
- The Capital One breach that compromised the personal information 100 million Americans
- The DoorDash hack that leaked the data of up to 5 million customers, drivers, and merchants involved with the organization
- The Target hack of 2013, when hackers gained access to their network through the corporation’s HVAC vendor Fazio, who had been given external access for business purposes
This is major news, showing how even the biggest targets can be penetrated by a well-aimed cyber weapon – a good thing right? Yes and no; the issue is that when all the cybercrime news is focused on big fish, you start to assume that small businesses aren’t at risk.
The news may lead you to believe so, but it’s simply not an accurate representation of the cybercrime industry. In almost half of all the cyber breaches that have occurred in recent years, a small business was the target. As reported in Verizon’s Data Breach Report and Forbes…
- 58% of all breaches in 2018 involved small businesses.
- 43% of all breaches involved small businesses in 2019.
- Ransomware attacks are still going strong, accounting for 24% of the malware incidents analyzed and is the #2 most-used malware type.
Despite these dire statistics, small businesses are still woefully unprepared to defend themselves. The Wall Street Journal survey found that only 63% of companies with under $50 million in revenue have a cybersecurity program, in contrast to 81% of companies with over $1 billion in revenue. Furthermore, 15% of smaller companies have no plan to put a cybersecurity program in place.
You Need To Do More Than Just “Be Aware”
If you learn anything from the findings of this survey, it’s that knowing about the threats posed by cybercriminals is not enough to protect your business. Whether you’re a small business that thinks it’s flying under the radar or a large enterprise in manufacturing or retail that thinks it’s too big to fail, you need to take steps to defend your data.
The process starts at the top – the survey found that companies that conducted executive-level training were more likely to take necessary steps in developing a cybersecurity program:
- Identification and protection of critical data (84% over the 72% average)
- Insurance coverage (63% over 51%)
- Implementation of an incident-response plan (84% over 70%)
The bottom line is you need to take action, and the good news is that you don’t have to do it alone. Kraft Technology Group will help you assess your vulnerabilities, determine which updates are necessary, and help you develop a comprehensive and effective cybersecurity program.
Click here to get in touch with our team or call (615) 600-4411 to get started today.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.