The statistics are sobering. Sixty-one percent of businesses that were hacked last year had fewer than 1,000 employees, according to Verizon’s 2017 Data Breach Investigations Report. One-third of small and medium businesses suffered a ransomware infection in the past year, forcing one-fourth of them to cease operations, according to a study performed by Osterman Research, “IT Security at SMBs: 2017 Benchmarking Survey.” The direct costs of a single breach now average more than $36,000, according to a report in Security Magazine.
Over the past decade, multiple trends have continued to expand: massive increases in the amount of data businesses store and rely upon for daily operations, increased use of multiple cloud-based vendors that house company data, and steady increases in the number of cyberattacks and data breaches perpetrated against businesses and consumers alike.
Cybersecurity should clearly be an issue getting direct attention from upper management and owners of small businesses. No longer should cybersecurity be relegated to the domain of the network administrator or outsourced IT support firm. Cybersecurity must be treated as a business risk issue, just as safety risk is in operations and competitive risk is in sales.
In this article published in WICPA’s “On Balance” magazine, Jan/Feb 2018, we will survey key elements of a successful cybersecurity program, an organized business process that is intended to protect data, thereby protecting customers and, in turn, businesses themselves.
Written by Michael Senkbeil, MCSE, GCFA, CISSP, CISA | Partner