We thought it would be interesting to review threats to small businesses as they are now versus roughly 10 years ago. Or to 2007 at least.
According to the National Cybersecurity Institute, these are the top 8 threats that may affect small businesses in 2016:
1. Growth of mobile malware.
2. Data theft from IoT devices.
3. Cyber espionage.
4. More cyber criminals due to expansion and creativity of internet underground (think Ransomware)
5. Extortion attacks from stolen data.
6. Ransomware on Internet of Things.
7. Hacker mercenaries.
8. Stolen data aggregation.
And since we are more than halfway through 2016, we think it’s safe to say that this is pretty much on point. As the IoT becomes more and more a part of our homes and businesses, the threats to them become more and more expansive. And small businesses will always be at risk for their intellectual property and critical information which makes them ripe for cyber-espionage, criminals and mercenaries.
So how does this compare to 2007? This top 5 list is from Small Business Trends:
1. Malicious Code.
2. Stolen/Lost Laptop or Mobile Device.
3. Spear Phishing.
4. Unsecured Wireless Internet Networks.
5. Insider/Disgruntled Employee Threat.
These threats still exist today and are more vehicles for cyber attackers to use to gain access to your systems in order to enable them to access the larger pieces of critical information. But I think the main difference lies within mobile. We are increasingly more and more mobile. We can access company files through our phones or tablets, we can download large reams of information from websites to our devices, and we are at more and more risk from unsecure apps and devices.
So what can we take away from this? First, the more things change, the more they stay the same. The threats from 2007 are still very much a threat and need to be addressed. Phishing and Whaling are at all time highs, and we need to be focused on our networks, and our employees. At the same time, the more technology improves, the more surface areas attackers have to gain access to our most critical information. We need to develop effective policies and programs to address these. What does our BYOD policy look like? How much access do we provide to our own files from mobile devices? Where can we get better?
Technology benefits every organization in ways never dreamed about, but it also brings risk. Be an active user and be an alert and aware company that focuses on security and protecting your critical information.