How Main Street Businesses Can Up Their Cybersecurity Game
By Mike Caralis, Vice President, Business Markets at Verizon
Small businesses are not only essential in keeping Main Street thriving and bustling (I love my local sushi place), but they are essential to our economy. In fact, they account for 44 percent of U.S. economic activity according to the U.S. Small Business Administration. They are also at a high risk for cyberattacks and data breaches, putting their business — including their sensitive information, customer data, and intellectual property — at great risk. Unauthorized access to data has the potential for significant financial loss that can be difficult or impossible to recover.
Meanwhile, cybercrime has become a thriving business, with 95 percent of data breaches coming from the work of financially driven threat actors using increasingly sophisticated tactics and advanced techniques to threaten companies both large and small. An expanded attack surface, including the proliferation of end points and the adoption of digital technologies without adequate security controls in place, is fueling the increase in cybercrime, according to the 2023 Verizon Data Breach Investigations Report (DBIR).
Cybercriminals see small to medium-sized businesses (SMBs) as easy targets with valuable data ripe for the taking. The Verizon report revealed that these businesses, with under one-thousand employees, are just as vulnerable to cybersecurity attacks, if not more so, than large businesses. The reason is that smaller companies may lack the resources and expertise to implement strong security controls to adequately prevent, detect, and respond to cyberattacks.
Regardless of their size, organizations are facing similar types of attacks — social engineering, system intrusion, and basic web application attacks. The top cybersecurity attacks affecting SMBs specifically, according to the Verizon report, are:
- Human element. The number one risk to any SMB is its own people. In fact, 74 percent of breaches involved human actions, whereby adversaries use social engineering and misrepresentation tactics to steal data or hold businesses ransom. Pretexting, an invented scenario that tricks someone into giving up information, accounted for half of all social engineering incidents in 2022. Phishing tactics came in second, at 44 percent.
- Using malware to block access to a computing system, ransomware was present in over 62 percent of all incidents.
- Denial of Service (DDoS). These attacks compromise the availability of networks and systems by overwhelming them with large amounts of data. DDoS attacks represented 42 percent of incidents.
- System intrusion. This technique, which involves bad actors using their expertise in hacking and malware to breach or impact organizations, accounted for 37 percent of breaches. This is a category that differs from ransomware and the human element, as it’s a more sophisticated, calculated and targeted type attack.
Seven Ways to Strengthen Your Cybersecurity Posture with Fewer Resources
If a business leverages technology, they have a cybersecurity problem. For SMBs, who already have an uphill battle, it’s vital that they have the right cybersecurity protocols in place to mitigate risks. Here are seven techniques even the smallest business can implement:
- Manage who has access to your data. Access control management uses processes and tools to create, assign, manage and revoke access credentials and privileges for users of assets and software.
- Train your employees to be security savvy. Establish and maintain a security awareness program for your workforce (even if it is a team of five) to be security conscious and reduce cybersecurity risks.
- Know where your data resides. Is your organization’s data stored on a network, on hard drives, on servers, in the cloud? Do you rely on third parties? Knowing where your data resides is helpful so you can better protect it and know what steps to take if data has been compromised.
- Create an incident response management plan. Many cyberattacks, such as pretexting, tend to escalate quickly and can have a significant impact. A plan will help an organization better prepare, detect, and respond to an attack.
- Ask questions. Here are a few good questions to start with:
- Do we have a designated information security expert on staff or a third-party trusted risk advisor?
- Is our website properly protected?
- Do we regularly back up our data and files?
- Are our company’s devices protected with antimalware and antivirus software?
- Do we regularly patch our hardware and software?
- Do we know what data we manage and where it resides?
- How much should we be spending on information security-related tools and controls?
- Consider security technical controls. Companies will want to look into basic security controls including antivirus software, firewalls, and multifactor authentication.
- Tap into best practices. There are several resources to help SMBs with best practices to help prioritize, customize, and strengthen their current cybersecurity posture and grow their efforts over time:
We want to see businesses of all types and sizes thrive. Building in a layer of cybersecurity defenses with security controls and protective measures — even one layer at a time — will go a long way to strengthening SMBs and their current cybersecurity posture. That’s a good formula for growing a company’s cybersecurity efforts, along with its business, over time.
About the Author
Mike Caralis, Vice President, Business Markets at Verizon. As Vice President of Verizon Business Markets, I lead three critical business units for small and midsize business customers: network as a service (NaaS), Fios for Business and our channel program. My team of 1,200+ professionals partner with customers on their digital transformation journeys, providing innovative managed solutions for total communications, connectivity, collaboration and security.
Our customer-centric organization delivers 5G technologies, fiber, ethernet, security solutions, and unified communications solutions such as One Talk (voiceover IP solution) and Microsoft Teams. As businesses across all segments and industries anticipate a post-pandemic comeback, they are looking to adopt 5G and its potential to create new opportunities and build new efficiencies and scale their businesses. Our team also provides Fios for Business, business digital voice, and easy to deploy and use set of security and collaboration products.
Prior to this, I served as Executive Director of Solution Architect and Engineering. In that role, my team was focused on the transformation of our technical teams, providing the best-integrated solution designs and managed services, including broadband, security and collaboration platforms. Earlier in my career, I served public sector customers at Verizon for four years. Last year, our team delivered critical services and technology to aid in the pandemic response and enable remote learning for students.
Previously, I served as the Director of Marketing and Operations for Verizon Wireless and partnered with Apple, Google and Samsung to enable a frictionless customer experience in deploying new technology and applications. As a result, Verizon was the first carrier in the world to launch Apple Business Manager, an iconic solution. Later, I led a team that launched Android zero-touch and Samsung Knox Mobile Enrollment. Prior to Verizon, I worked in various sales roles at Nextel and Sprint.
Mike can be reached online at LinkedIn and at our company website http://www.verizon.com/