43% of cyberattacks target small to medium businesses, according to SCORE. With regards to malicious software – Macro-malware and ransomware were found to comprise a significant portion of these attacks. Even to this day many businesses lack employee awareness training to foster an understanding of how to prevent these attacks – even considering the sheer cost of a data breach.
You see data breaches on these kinds of businesses in the news all the time – and that’s just the ones that are reported. It shows that there is a significant apathy towards cybersecurity in the business world that needs to be addressed.
30% of phishing emails are opened by victims, and even worse – 12% of users click on a malicious link in the email (source).
That is a massive percentage of people clicking malicious links and opening their company to all kinds of malware and revealing of user details. Interested in finding out what percentage of your organisation opens and clicks a phishing email?
Assent run a cost-effective simulated phishing attack which can help your business discover who is making your business vulnerable and reduce your attack surface.
Here are our top 5 biggest risks to cybersecurity
1. Lack of training and negligence by employees. Phishing accounts for 90% of data breaches. Employees should also be trained against common malware payloads and delivery methods. Lorators provide bespoke courses tailored to your organisation. Combined with a simulated phishing attack, this is a highly effective package to harden your organisation.
2. Unregulated BYOD policies – many smaller organisations allow employees to bring their own devices to work, regardless of the level of protection on these devices. If these devices are compromised, they risk infecting the business network and leading to a data breach
3. Failing to back up data. Every business and individual loses data at some point. Whether it be from negligence, ransomware, or other means – having backups to restore from is critical to data security.
4. Lack of cybersecurity policy. Having a business continuity plan in the event of a data breach, and adequate policies in place to deal with incoming attacks – these things may seem like a chore at first, but by doing them you significantly reduce your attack surface and greatly increase the chances of your organisation enjoying longevity.
5. Unprotected infrastructure. Without regular scans and hardening of your internal and public facing networks – you open your business to not only existing attacks – but new attacks too. In 2018, 16,500 new vulnerabilities were found in existing software. That’s 45 new vulnerabilities per day. Keep your network hardened by employing cyber-security services to monitor and increase the resilience of your network
It’s not just your security that you need to worry about. Hackers know small businesses are a great target since often they will be able to access the clients of the business’s data too. Even if you do manage to recover from a significant data breach without a solid BCP in place – your clients will not be happy.
Overall, new and sublime attack vectors are discovered every day. These methods, combined with tried and tested methods such as phishing, are a menace to your organisation unless you are taking action to plan for and deal with them.