As a privately held organization, you may worry about managing your growing company, how to boost sales or the best way to approach marketing practices, but if you aren’t careful, you may have a much bigger problem: cybersecurity. With the rise of artificial intelligence, there are more opportunities for cyberattacks if you aren’t aware of what you need to be protected.
Hacking is Big Business
The FBI reports that the cost of cybercrime topped $2.7 billion in 2018 – and that’s just the volume of financial losses reported to the Internet Crime Complaint Center (IC3). Cyberattacks are frighteningly common. Business insurance company Hiscox says that 47% of privately held businesses in the United States have experienced at least one instance of hacking in the past year and 44% of those firms have had as many as four cyberattacks.
If it seems like hackers are targeting privately held businesses, you aren’t wrong. According to Verizon’s 2018 Data Breach Investigations Report, over 60% of security breaches in 2018 involved small organizations– a leap of 8% from the year before – and the cost to the company is high. Most privately held businesses report that getting hacked cost them somewhere between $84,000 and $148,000. The damage is high enough that 60% of organizations that experience a data breach will go belly up in six months or less. Yet, some 90% of smaller firms do not have a cybersecurity plan in place.
Privately Held Businesses Are More Vulnerable Than Large Corporations
You might wonder why a group of hackers would want to hack your organization over trying their hands at a larger corporation. Rick Koski, Vice President of Operations at Aldrich Technology, has the answer. “You have employees. They have names and addresses, social security numbers and credit profiles. That’s all hackers need to obtain credit cards, file fraudulent tax returns, etc.”
Hackers don’t care how small your operation is. In fact, they often are not “people” at all. They are more often (and increasingly) machines.
Today’s hackers are criminal enterprises with entire teams devoted to stealing personal and corporate information for financial gain. They do this because the “industry” is so profitable – and that fact only makes the field more attractive and, in turn, better funded. Hacker organizations can afford next-gen artificial intelligence, and the automated tools that do the heavy lifting for them are ALWAYS ON.
Add to that a tendency of smaller firms to lack the modern security measures that larger corporations utilize, and privately held businesses become an ideal target.
Understanding the Cybersecurity Problem
To a hacker, you are not a small business. You are a number, or rather a series of them. Computers are automatically assigned Internet Protocol (IP) addresses when they go online. To hackers, the connected machines at your company are nothing more than a series of IP addresses. The tools that they will use against you are the same ones they would use against a large corporation.
In many cases, these hackers may not even know that they are trying to gain access to your computers specifically. They use automated systems to scan networks and IP numbers, looking for a way in.
It isn’t personal.
Hacking in this modern age is rarely about gaining access to specific information. Hackers are just looking for a vulnerability. Here are some of the most common issues.
One of the most significant issues that organizations face is outdated systems. “Understand that Microsoft is overwhelmingly the leader in business. Second, of course, is Apple and then the proliferation of handheld devices from various manufacturers. In smaller firms, Microsoft is the most used,” says Rick. “The problem is that Microsoft has had many different evolutions of its operating system and they put all of their attention on the latest versions. The cost of staying ahead of the “bad guys” means that Microsoft is not investing as much in trying to improve the last generation systems, often leaving earlier versions more vulnerable to attacks.
Many privately held businesses also encounter risks through their employees. When staff is sparse, some people end up wearing many hats, and those roles may give them access to your complete files. That may be okay as long as those individuals are on protected computers and smart about how they access your systems, but if they aren’t careful, you could end up with a big problem. Also, it is not unusual to find organizations that do not terminate employee access to files and documents when they leave the company. “It is mind-boggling how many businesses don’t lock people out of data systems at the point of termination,” says Koski. “These old accounts are a simple way into your system.”
A placebo is something that is taken that might make the patient feel better but has no medical necessity or effect. The IT industry is full of Placebo providers. These are companies that use hardware and software that is inexpensive but offers great protection. Placebo manufacturers have a great market with companies that have too much focus on cost versus performance.
Another issue for organizations in our modern day is artificial intelligence. “I have seen more successful cyberattacks in the last 18 months than in the past 20 years,” says Koski. “Some of the biggest advancements in artificial intelligence are within the hacking community. AI tools and systems are getting better every day.” Hacking groups automate their efforts, they are trying to find a computer to hack 24 hours a day, seven days a week. You have to learn how to play defense if you are going to keep your information (and your company’s data) safe. You need to take action.
Hiring a team like Aldrich Technology to protect and monitor your systems will help you prevent a breach, but it is not the only cybersecurity step you should take. In our next blog article, we will discuss how you can keep your organization safe from hackers. Stay tuned!
Meet the Author
Vice President, Technology Operations
Aldrich Technology LP
Rick Koski leads technology operations for Aldrich Technology. After successful careers as a nuclear submariner and as an engineer with Lam Research, Semi Sematch and Critical IT Solutions, Rick became partners with Lighthouse IS founder Peter Adams in 2005. Rick has the unique ability to cut through technical complexity and give an executive clear, actionable…
- Networking and infrastructure
- Technology roadmapping
- Business systems