It is high time that we pay more importance to cyber-attack. While the high profile cyber-attacks, mostly against banks, big businesses and the governments have made the headlines during the recent months, small and medium businesses are also targets of cyber-attacks. The methods are more sophisticated nowadays and the frequency is increasing as well. These attacks are more pervasive, well directed and penetrates even stronger security. These attacks are hard to detect and they are certainly difficult to prevent.
A study by Deloitte 2012 Global Financial Services Industry Security showed that while the preventive measures are getting advanced and more awareness about the whole issue is rising, almost one fourth of all the businesses said that they have experienced security breaches in last one year. More than half of the participating banks have said that they consider the third party real time cyber-attacks as a highly potential threat.
Not only these security breaches of information costs money to the company, mostly in the healthcare, financial and education sectors, these breaches should be made public, under the governing authority’s compliance regulations demand. The consequences of cyber-crimes should include customer notification and remedial costs, increased expenses on cyber security, possible litigations, impact on the share and equity values, lost revenues and also irreversible damage to the reputation.
Businesses of all sizes come under attacks but the small and medium businesses are easier targets as they can afford to spend less time and money on cyber security. Thus, the attacks on these organisations are increasing daily. To make the things easier for the cyber attack real time, the small and medium business users click on the links more easily, install applications without learning much, access harmful websites and ignores the possible threats.
From a security perspective, these businesses lack the money, time and expertise to secure their online properties. Moreover, when they have limited budget, the management often wonders why they should even spend on online security.
Traditionally, cyber security was considered to be an IT issue and was often integrated with the operational risk management. The IT guy can’t handle the threats alone if there is no awareness among the employees about the potential threats. The employees of every department, including sales, human resource, finance, legal and operations, should take responsibility for the security for their own data. The responsibility must be shared with the IT department to avoid any disaster.
By typographyimages from Pixabay