'Cyber security is for all businesses' noted Mr. Jonathan Lavender, Global Chairman, KPMG Enterprise, KPMG International, on the occasion of the cunderway in Davos. As he explained, hackers are always targeting the unprepared and this is why the majority of cyber-attack victims are small businesses.
There is a big misconception that only large, billion-dollar corporations are targeted. The truth is that cyber hackers are opportunistic and seek out organizations that are not prepared, regardless of size. In fact, the majority of malware victims (58 percent) are small businesses, which, for many reasons chief among them cost, tend to be least prepared for a cyberattack.
The threat of a cyber-attack to derail growth is keeping CEOs of large organizations up at night, according to a KPMG’s survey of 1,300 CEOs around the world. Almost half of respondents (49%) said that becoming the victim of a cyber-attack is a case of ‘when’, not ‘if’.
Notably, in 2018, there were 53,000+ security incidents and 2,216 confirmed data breaches in the US alone, according to a new report by Ponemon Institute and sponsored by Keeper Security.
In this regard, Mr. Lavender highlighted that collaboration across industries, boarders and public and private sectors is key to an integrated response to cyber-attacks, given the threat specifically to private businesses, their involvement in developing a global control system is both essential and necessary.
While their vulnerability is clear to cyber criminals, small businesses do not appear to be taking action to shore up their defenses. Only about half of small businesses report having a clear cybersecurity strategy, said another survey by US insurer Hiscox.
It’s understandable as resources are limited and working in and on the business to drive growth is the main focus for many small business owners. Still the risk to reputation, customers and the bottom line should not be ignored.
Five key findings on cyber protection:
- Cyber security is not just a technology issue. It’s a business issue that should be prioritized and that requires a holistic approach.
- The threats aren’t just external. Gaps in various links in the supply chain can also leave a company exposed. Or an employee may inadvertently click on a rogue link or open malware in an email. In all cases, the damage can be significant.
- Vigilance is key. This means being proactive, staying up to date and sharing information about cyber threats and vulnerability. In the UK, the National Cyber Security Centre issues alerts and advisories to address cyber security issues being detected there.
- A rapid response plan that takes hold within 48 hours is critical as important information leading to the identification of the who, what, where, why and how of the attack may be overwritten or erased. Digital and automated solutions can help companies react quickly.
- Behavior matters. The most technically sophisticated security solution is completely useless if it isn’t used correctly by the majority of those within the organization. This will require embedding cybersecurity in the company culture.
Source:safety4sea
