Story image

Despite more training, SMBs feel unprepared for cyberattacks - Webroot

02 Jul 18

Businesses in the US, UK and Australia are taking cybersecurity seriously – with almost 100% of respondents conducting some form of employee cybersecurity training, a Webroot report has found.

However, despite these efforts, 79% say they aren’t completely ready to manage IT security and protect against threats.

In a study of 600 IT decision makers (ITDMs) at small-to-medium-sized businesses (SMBs), Webroot found that the attacks organisations believed themselves to be most susceptible to in 2017 are rapidly shifting in 2018, while the estimated cost of a breach is decreasing.

Key findings:

  • Most dangerous threats evolving: Phishing displaces new forms of malware globally as the No. 1 attack that ITDMs believe their organisations are most susceptible to in 2018.
     
  • Top threats vary by country: US ITDMs think their business will be most susceptible to phishing threats (56%), while the UK fears ransomware attacks (44%) and Australia DNS attacks (52%).
     
  • Training isn’t continuous: Although almost 100% of businesses train employees on cybersecurity best practices, that figure drops to half or a third when asked about training “continuously,” which is vital for effectiveness. This leads to the next stat, 79% can’t say they are “completely ready to manage IT security and protect against threats.”
     
  • The cost of a breach drops: While breaches continue to proliferate, the estimated cost of a breach may be on the decline.
    TDMs estimate a cyberattack in which their customer records or critical business data were lost would cost an average of:
  • $527,256 in the US – a 9% decrease from 2017. 
  • £305,357 in the UK – a 59% decrease from 2017.
  • AU$994,025 in Australia – a 48% decrease from 2017.

Webroot worldwide business sales vice president Charlie Tomeo says, “As our study shows, the rise of new attacks is leaving SMBs feeling unprepared.

"One of the most effective strategies to keep your company safe is with a layered cybersecurity strategy that can secure users and their devices at every stage of an attack, across every possible attack vector."

Tomeo adds, "For many businesses, relying on a managed service provider (MSP) when time and expertise aren’t readily available is a crucial step to strengthen their security efforts."

Webroot had several cybersecurity guidelines for small to medium-sized businesses:

  • Always be educating: With threats continuously evolving, so must employee cybersecurity training. Training during onboarding isn’t enough. Employees need ongoing training to address the latest and most dangerous attacks.
     
  • Don’t forget about mobile. Bring your own device (BYOD) is now a reality for many companies. And while everyone wants to be connected, unknown devices brought in by employees also bring in unknown risks to the network. Finding a balance between providing employees corporate access and ensuring information security requires device control policies, device-level security and mobile workforce security training.
     
  • Email from my boss or my attacker? Phishing is the top attack vector, with cybercriminals becoming sneakier than ever. Even if the sender looks familiar, be sure to check the sender's email address is legitimate and don’t click unknown links in social media, email, or text. Regular phishing attack simulations maximise awareness of different phishing methods and minimise the many consequences.
     
  • Evaluate your risk profile: Every business has different risk factors. If you don’t have the expertise, an MSP can assess your security posture and work with you to develop a plan for ongoing risk mitigation.
     
  • Plan for the worst: Develop a data breach response plan that includes security experts to call and a communications response plan to notify customers, staff, and the public. Make sure you are regularly backing up your data with hard data and offline versions. Remote computer backup could be vulnerable to ransomware and other threats if not ‘air-gapped’. Research by the Better Business Bureau revealed that 50% of SMBs would operate at a loss within a month of a total data loss incident.
HPE promotes 'circular economy' for end-of-use tech
HPE is planning to show businesses worldwide that throwing old tech and assets into landfill is not the best option when it comes to end-of-use disposal.
This could be the future of ridesharing
When you hear the words ‘driverless vehicle technology’, the company Bosch may not immediately spring to mind.
2019 threat landscape predictions - Proofpoint
Proofpoint researchers have looked ahead at the trends and events likely to shape the threat landscape in the year to come.
InternetNZ welcomes Govt's 99.8% broadband coverage plan
The additional coverage will roll out over the next four years as part of the Rural Broadband Initiative phase two/Mobile Black Spots Fund (RBI2/MBSF) programme expansion.
Commerce Commission report shows fibre is hot on the heels of copper
The report shows that as of 30 September 2018 there were 668,850 households and businesses connected to fibre, an increase of 45% from 2017.
Dr Ryan Ko steps down as head of Cybersecurity Researchers of Waikato
Dr Ko is off to Australia to become the University of Queensland’s UQ Cyber Security chair and director.
Businesses in APAC are ahead of the global digital transformation game
“And it’s more about people and culture - about change management - along with investing in the technology.”
HubSpot announces fund for 'customer first' startups
HubSpot is pouring US$30 million (NZ$40 million) into a new fund to support startups that demonstrate ‘customer first’ approach of not only growing bigger, but growing better.