In the past year or so, we have been pushing for more robust security. Often, this involves either an expense, such as a monitoring platform, or an inconvenience, such as multi-factor authentication. Many people resist, citing “We’re too small to be a target” or “We have nothing of value for them to steal.” While it can be difficult to justify spending money on something that hasn’t happened, I like to cite the quote by Brian Foote:
“If you think good architecture is expensive, you should try bad architecture.”
You may be able to save a few bucks on your monthly expenses or a few seconds off your login times. But what are you risking by doing so? It seems logical to resist these changes. After all, the attacks you see on the news are against very large companies. So, you have nothing to worry about, right? The Verizon 2020 Data Breach Investigations Report shows that 28% of all attacks in the US were against small organizations. It also shows 88% of companies with fewer than 1,000 employees had upwards of 16 hours of downtime after a security incident. And, perhaps the most sobering statistic… 60% of small companies go out of business after a cyber-attack.
Think about that last one for a minute. When you get a notice that a company you do business with exposed your personal, financial, medical, or other information to hackers… what is the first thought you have? You might want to find a new business to cover that need in your organization or personal life. That is not to say that any system can be made 100% secure, because that is just not a possibility. But when breaches are preventable by using basic security measures, it is logical to question the company’s competence and dedication to protecting you, their customer.
Why bother robbing banks when you can pick pockets?
There is less risk for the attackers. They are less likely to draw attention from federal investigators this way. The REvil attack on Kaseya has gained national attention, making the group a target. The DarkSide group found themselves in a similar position after their attack on the Colonial Pipeline, being shunned by even their own dark web cohorts after drawing too much attention. Many small-time hackers will continue to target small businesses. They seem like the “low-hanging fruit” of the industry because they don’t typically have access to the protections of a large data center or enterprise-level solutions. We aim to change that perception by providing enterprise-level tools without the enterprise price tag.
At the end of the day, security is like insurance. It is more than going through the motions. By adding these simple layers, you drastically reduce the opportunity for an attacker to gain meaningful access to your systems, accounts, or data. They seem like an unnecessary expense or annoyance, but they may very well keep you from being added to the statistics above.
Ready to up your security game?
Build an effective response process from scratch or improve upon your existing one.
Give us a call for a cybersecurity assessment!