The year 2018 saw ransomware families such as CryptoLocker and variants like Locky continue to plague organizations as cybersecurity adversaries morph their techniques to avoid detection. Several massive data breaches this year include Quora, Ticketmaster, and Facebook that exposed over 200 million records worldwide. While high-profile breaches may make the news headlines, over 60% of small and mid-sized firms have experienced data loss or a breach themselves. While smaller firms may believe that they are not targeted by hackers, they comprise the global supply chain connected to much larger enterprises. SMBs also find that their IT and security staff is stretched thin juggling day-to-day operations with cybersecurity capabilities insufficient for their unique organization and industry sector risks.
As the year winds down, here’s what small and mid-sized organizations may experience in 2019 with an eye towards enhancing security.
Cybersecurity Threats Impact Uptime:
Organizations of all sizes struggle to maintain uptime of point of sale (POS) systems and avoid lost productivity due to business data loss. Patching, ransomware, and data breaches all impact network and system uptime. Enhanced investment in your infrastructure and cybersecurity during 2019 ensures that your organization can detect and remediate threats quickly to meet resiliency and uptime objectives.
Malware Continues to Endanger Organizations:
Malware like viruses, worms, bots, and banking trojans will continue using advanced evasion techniques to challenge organizations and consumers alike. Malware that morphs and evades detection increases recovery costs; rapid detection and blocking will continue to be essential in minimizing dwell time and damage. While traditional anti-virus alone is not enough to stop malware, endpoint detection and response (EDR) software provides enhanced protection necessary to catch new and otherwise unknown malware strands.
Cybersecurity Shortages Drive New Business Models:
According to Ponemon Institute research, 73% of small and mid-sized organizations state that insufficient personnel keep IT security from being fully productive. A lack of cybersecurity staff and skills can lead to creative approaches to maintain protection and compliance. Many organizations will tap a trusted managed security services provider (MSSP) to complement their existing staff and capabilities.
You Can’t Manage What You Can’t See:
Over 40% of organizations consider getting full visibility to all assets and vulnerabilities to be a top challenge, according to a threat monitoring report. Comprehensive infrastructure and log monitoring provide real-time insights that can identify suspicious behavior, flag further action, and help prioritize where to focus limited resources. A Security Information and Event Management (SIEM) service such as EventTracker SIEMphonic provides the visibility and actionable intelligence you need for sustained protection.
New Privacy and Data Breach Regulations Gain Traction:
Following the strict privacy and breach notification guidelines in EU GDPR (General Data Protection Regulation), many anticipate that US lawmakers will consider enacting similar regulations. The California Consumer Privacy Act signed into law in 2018 is a harbinger of such legislation. The Forbes Technology Council weighs in on data privacy impacts for organizations of all sizes.
Effective Security Starts at the Top:
You and your executives set the tone on security that successfully balances organizational growth with risk mitigation. Over 62% of small and medium-sized firms have experienced a data breach, so it’s important to be proactive and invest accordingly. Year-end is the ideal time to evaluate your current security posture and ensure that you are evolving and investing in security as your adversaries step up the game. If you don’t have the right skills or staff, engage a trusted advisor like a managed security services provider (MSSP) to assess any security gaps.
The cost of cybersecurity threats includes reduced productivity, lost online revenue, compliance gaps, and even fines. Many small and mid-sized organizations should approach 2019 with both strategic and tactical security measures that involve people, processes, and technology. Detecting a data breach takes 107 days on average so augment your expertise in security and compliance to maintain uptime and growth.
For more real-time information on cyberthreats, view our Catch of the Day resources that outlines actual cybersecurity war stories.