Up to 43% of cyber attacks are aimed at small and medium-sized businesses
Last year, up to 40% of small businesses reported data loss as a result of a cyber attack, causing them significant operational disruption, financial loss, reputational damage and customer churn due to concerns about the security and protection of their personal data.
Most SMB owners do not consider themselves an attractive target for hackers and cyber security threats because of their size. They often believe that the targets of cyber attacks are government organizations or large businesses. But hackers do not discriminate according to the size of the company. On the contrary, they consider small and medium-sized enterprises to be very attractive targets, mainly due to their vulnerability, relatively weaker security infrastructure, and the fact that they are part of the supply chains of larger enterprises.
Hackers are also using small and medium-sized businesses to improve their hacking practices, with the intention of stealing employee and customer records, bank account information and access to corporate finances, opening the door to bigger fish. This fact is also confirmed by the Accenture Cybercrime study, which reveals that up to 43% of cyber attacks were aimed at small and medium-sized businesses.
Don't become a statistic
According to the World Economic Forum, human error is the leading cause of cybersecurity breaches. Most often, small and medium-sized businesses are attacked via email. According to Cisco, up to 95% of cyber attacks begin with spear-phishing emails that target employees responsible for finance or managing sensitive personal information.
As reported by smallbiztrends.com, last year up to 40% of small businesses reported data loss due to a cyber attack, causing significant operational disruption, financial loss, reputational damage and customer churn due to security and privacy concerns.
More interestingly, the Ponemon Institute found that up to 60% of small and medium-sized businesses do not have an incident response plan in place or a plan to educate employees on cybersecurity, even though employees play an important role in maintaining a secure work environment. Small and medium-sized businesses should regularly organize training sessions to educate employees on best practices, such as recognizing phishing emails, avoiding suspicious links, and reporting potential security incidents.
Get ready for the mandatory Cyber Era
As technology advances, the risk of cyber attacks will continue to grow. Small and medium-sized businesses must prioritize cyber security to protect their customers, employees and financial stability. The European Union is already aware of this and has introduced a new mandatory directive on network and information systems (NIS2), valid from 16.1.2023 also in Slovakia, with the aim of creating a framework for increasing cyber security in various sectors, based on the amendment of the Cyber Security Act and of relevant decrees 69/2018 Coll.
Based on the legislative changes, the scope and number of entities that will fall under this law will also be defined. This group will include, for example, companies with more than 50 employees and a turnover of more than EUR 10 million. They can already take guidance from the updated decree 264/2023 and prepare for the given obligations. This includes conducting regular risk assessments, identifying vulnerabilities and taking appropriate risk mitigation measures. In addition, businesses must report significant cybersecurity incidents to relevant national authorities.
Get cybersecurity best practices
Qubit Conference® is bringing a practical all-day training to Košice on November 9, specially tailored for small and medium-sized businesses. It will help you understand the most important cybersecurity requirements in line with the upcoming legislative measures and provide practical guidance for their immediate implementation.
The introduction to the training will go over the legal context for statutory security frameworks and standards, and show why to follow a framework rather than an ad-hoc approach. It will reveal where cyber security begins and clarify the concept of cyber hygiene. Subsequently, it will reveal what you really need to invest in, so that you avoid mindlessly spending money on ineffective security solutions, and also how to optimize the use of social networks today so that you do not leave unwanted traces in the digital space and prevent unwanted hacker attacks on your business. In conclusion, the training will clarify that an incident should not be feared, but should be prepared for in order to minimize losses. You will learn how and why to back up data, how to communicate an incident, how to learn from it and where to seek help.