By Lauren Reynolds, Rose Law Group attorney focusing her practice on cyber security and Dan Gauthier
This year, small and medium sized businesses in every state have been exposed to increased security threats, according to a new study by security software company Malwarebytes. These businesses are particularly vulnerable to attack because many do not have a dedicated IT department or IT security staff. According to the study, malware – i.e. malicious software – incidents more than tripled in 27 states from first quarter 2016 to first quarter 2017. In ten states, malware incidents increased by 500% or more.
Arizona businesses are not immune from attack. In fact, malware incidents in Arizona increased in volume 1332% from first quarter 2016 to first quarter 2017, at the highest rate in the country. These spikes are not limited to malware attacks. Arizona businesses also experienced the highest increase in adware, at a rate of a 1774%. Additionally, Arizona businesses saw a rise in ransomware and spyware incidents. Altogether, Arizona small and medium business endpoints, which include all Internet-connected devices, had four times the average number of security incident detections.
The studies by Malwarebytes and others[1] demonstrate that small and medium sized businesses are experiencing more cyberattacks than ever before. Coupled with the statistic that 60% of small businesses go out of business within six months of a cyberattack, Arizona businesses should take extensive preemptive protective measures.
Becoming victim to a cyberattack is a question of when, not if. One in four companies will suffer a data breach within the next two years.[2] Business owners and executives are in the best position to prevent those attacks which can be avoided, and mitigate damages of the unavoidable ones. Business leaders, in all departments, should engage internal and external assets. For example, the internal workforce should participate in periodic incident response and detection training exercises. Similarly, external partners should be engaged to assist with the response planning process and vendors should be vetted to ensure they are not exposing the business to undue risk. These are just a few of the many things businesses can do to minimize the risk of an attack or security incident.
The cyber landscape is amorphous. This is especially so when it comes to cybercrime. As larger corporations pour money into their IT security budgets, cybercriminals have shifted to attack small and medium sized businesses. For cyber threats, prevention is far superior to treatment. Small and medium sized businesses must be aware they are the targets and prepare accordingly.
[1] See Symantec: Internet Security Threat Report 44 (Apr. 2016); Joe Ross, Small Business Security: A 2016 Survey, Huffington Post (May 12, 2016, 3:52 p.m.), http://www.huffingtonpost.com/joe-ross/the-state-of-small-busine_b_9911704.html.
[2] Ponemon Inst., 2017 Cost of Data Breach Study: Global Overview 1 (June 2017).
