Mid-size companies are increasingly being targeted
With all the news about municipalities being subjected to ransomware attacks, small- to mid-size businesses should take note. You share the same vulnerabilities.
Imagine for a moment you’re CEO of a small- or mid-size business (SMB). You’re faced with some pretty ugly statistics: by the figures commonly cited, the company you’re responsible for has roughly a two in three chance of being hacked by cyber criminals.
On top of that, two out of three SMB respondents to a recent survey believe that a cyberattack on their company is unlikely. That is a double whammy of unawareness: the odds are high, and most leaders assume they are low.
It’s common for the leader of an SMB to think their company is too small, too new or too unappealing to be a target. That’s wrong, and the costs for being wrong are formidable, possibly even fatal.
The average cost of a data breach at a US company of any size is now more than $8.1 million, according to IBM’s 2019 Cost of a Data Breach study. The same study found that it took a company, on average, 279 days to identify and contain a breach, so attackers typically have months inside a network before anyone reacts.
For SMBs that become victims of increasingly common ransomware attacks, the financial loss is not simply the ransom paid, some of which may be covered by insurance. You also need to count the cost of downtime, which can stretch on for days or weeks, and the reputational damage that follows.
Lost business is the single biggest contributor to breach costs. And by that measure mid-size businesses are at even greater risk than small ones.
Why are mid-size companies more vulnerable to cyberattack?
Definitions of mid-size businesses vary. The US federal government doesn’t even offer a definition, but there is some general agreement over what makes a business mid-size.
Ohio State University's National Center for the Middle Market defines a mid-size company as one with annual revenues between $10 million and $1 billion. Gartner puts more emphasis on the number of employees, with mid-size companies having between 100 and 1000 employees.
By these definitions there are some 200,000 companies in the US alone that fall under the mid-size category, and they’d be wise to be on high alert:
- With fewer resources for cyber security than large companies, mid-size companies are softer targets for cyber attackers.
- Mid-size businesses have less reserve capital, less backup capacity and so on. They may not be able to operate as long after a cyberattack as a large company can without suffering catastrophic damage, so attackers judge them more likely to pay up in response to ransom demands.
- Mid-size businesses are more attractive to hackers than small businesses because they present more lucrative targets (higher revenues, more cash on hand to pay a ransom) as well as a broader attack surface: more employees, contractors and other people with email accounts and corporate network access.
- Some incidents other than cyberattacks also hit a mid-size business harder than a large one: a local outage of electricity, data or other utilities, disruption at a single supplier, local unrest, the loss of a key person, or insider theft.
Being aware of the company’s vulnerabilities is the mid-size business leader’s first step toward achieving greater cyber security and incident response effectiveness.
The hacker's mindset
Now let’s look at the flip side of the bitcoin, at your nemesis — but through their eyes.
Imagine you’re one of the thousands of cybercriminals spread across the globe, some independent, some working at the direction of nation states or organized international crime syndicates. Let’s assume you’re one of the independents. You’ve made some nice profits in recent years because you’ve found your target niche — mid-size businesses.
You don’t go after the business leviathans out there. They have too many sophisticated, well-funded defenses you’d have to work around, and there is a lot of bureaucracy to get through before they’ll pay you. Not worth it.
What tempts you, as well as your thousands of criminal colleagues, are the mid-size targets. They have plenty of assets to make the effort worthwhile, and they typically (though not always) have far fewer cyber defenses than big companies do. In short, you’ve got mid-size enterprises in your cross hairs because they are at once the most lucrative and the least protected.
They’ve got money, and their 100 to 1000 employees mean the phishing will be good. Verizon’s 2019 Data Breach Investigations Report found that more than 90 percent of detected malware arrived by email, either in a link or in an attachment.
One of those employees is certain to click on the enticing attachment you’ve ingeniously devised. Your promise of big, big money for very little effort always makes excellent bait, especially in smaller companies that tend not to train their employees as well about the dangers of email attachments. And if that doesn’t work, you can send out a completely convincing-looking email that looks exactly like a legitimate message from the head of the business or somebody’s colleague (and you know all the colleagues from doing research on LinkedIn).
One click by an employee on the alluring attachment immediately puts you, Captain Cybercriminal, firmly at the helm. The ransomware unleashed by the hapless employee encrypts the company’s files, locking the business out of its own data until it pays you for the decryption key (and payment buys no guarantee that the key works or that you didn’t copy the data first). You didn’t invent that clever ransomware either; you got it for free, or bought it cheap, from the vast supply of malware code available on the Internet. All you had to do was bait the hook and “catch the phish.”
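The attack just described leaves fingerprints in the message itself before anyone clicks: an executive’s name on a message from an outside address, a sender domain that is a near copy of the company’s own, a Reply-To that quietly redirects answers elsewhere, and an attachment type that can run code. The following triage script is an added example, not code from the original page or from Groupdolists; the company domain, the executive names and both sample messages are constructed for illustration, and the edit-distance threshold is a tuning choice, not a standard.

```python
"""Inbound-mail triage for the phishing pattern described above.

Added example, not code from the original page or from Groupdolists.
It flags the tell-tale signs of the attack narrative: an executive's display
name on a message from an outside address, a sender domain that is a near copy
of the company's own, a Reply-To that redirects answers elsewhere, and an
attachment type that can run code. The company domain, executive names and
both sample messages are constructed for illustration.
"""
import os
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-midsize.com"            # assumed company domain
EXECUTIVES = {"jane doe", "john roe"}              # assumed executive display names
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso",
                    ".docm", ".xlsm", ".pptm"}     # executable or macro-enabled


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character domain swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike_domain(domain):
    """True for 'examp1e-midsize.com', 'example-midsize.co' or the company
    domain reused as a subdomain label; False for the real domain itself."""
    if not domain or domain == COMPANY_DOMAIN:
        return False
    if domain.startswith(COMPANY_DOMAIN + "."):
        return True
    # A threshold of 2 suits a long domain; use 1 for short company names.
    return edit_distance(domain, COMPANY_DOMAIN) <= 2


def sender_domain(address):
    return address.rpartition("@")[2].lower()


def triage(raw_message):
    """Return a list of human-readable findings; an empty list means no flag."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = sender_domain(addr)
    findings = []

    if name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        findings.append(f"executive display name '{name}' used from external address {addr}")
    if is_lookalike_domain(from_domain):
        findings.append(f"sender domain '{from_domain}' is a lookalike of '{COMPANY_DOMAIN}'")

    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and sender_domain(reply_addr) != from_domain:
        findings.append(f"Reply-To redirects answers to {sender_domain(reply_addr)}")

    for part in msg.walk():
        filename = part.get_filename()
        # splitext takes the last extension, so 'invoice.pdf.exe' is still caught
        if filename and os.path.splitext(filename)[1].lower() in RISKY_EXTENSIONS:
            findings.append(f"attachment '{filename}' has a risky extension")
    return findings


# Constructed sample: executive impersonation plus a macro-enabled attachment.
PHISH = """\
From: Jane Doe <jane.doe@examp1e-midsize.com>
Reply-To: ceo-office@mailbox-service.example.net
To: staff@example-midsize.com
Subject: Urgent: Q3 bonus schedule
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the attached schedule right away and keep this confidential.
--b1
Content-Type: application/octet-stream; name="Bonus_Schedule.xlsm"
Content-Disposition: attachment; filename="Bonus_Schedule.xlsm"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed sample: a genuine internal message with no attachment.
BENIGN = """\
From: Jane Doe <jane.doe@example-midsize.com>
To: staff@example-midsize.com
Subject: Town hall on Thursday
Content-Type: text/plain

See you all at 10am.
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(label, triage(raw) or ["no findings"])
```

None of these checks replaces sender authentication (SPF, DKIM and DMARC) or attachment sandboxing; they are the kind of cheap, explainable heuristics a mid-size company can run on its mail gateway to catch the crude version of this attack and to generate training material from real attempts.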
After they pay up, you may even deign to help them understand where their cyber weaknesses are. You’re not really a bad person, you can console yourself. They’re paying you to teach them a valuable lesson.
Here’s a screen shot of a typical ransomware notice – after the breach has occurred:
Back to CEO land
Now let’s say you’re among the minority of mid-size business leaders who have diligently hardened their defenses. You’ve invested in the best cyber security measures you can afford: backups that are tested and kept out of reach of the production network, firewalls, encryption, and so on.
You’ve also put time and money into devising and communicating policies that every employee must follow. You’ve drummed into employees’ heads the importance of strong, unique passwords backed by multi-factor authentication (current guidance favours length and a second factor over forced periodic password changes), and of reporting, rather than opening, any suspicious link or email attachment.
But cyber security measures like these are, or should be, well established long before an attack. Once an attack gets past your ramparts and steals your data or shuts down your operations, you have to respond quickly and effectively in a fast-moving situation.
To act effectively and end the crisis as quickly as possible, with minimal damage, you need a leading-edge tool to help guide your response.
As soon as a breach is discovered, a quick response is necessary. Most ransomware attacks try to force a quick payment and keep you off balance by demanding money within a limited time period, such as 24 hours.
The problem is that time pressure raises stress levels on your already strained crisis team members. High stress clouds judgment, which can lead to rash actions.
Groupdolists’ incident response mobile app operates entirely separately from your now compromised systems, so an attacker who controls your network or email cannot watch or disrupt the response. It is deployed as soon as the attack is discovered, in order to synchronize and manage the response team’s communications and actions:
- The app virtually assembles your crisis response team almost instantaneously and empowers them with the complete array of communications tools: conference calling, document sharing, etc.
- It guides you through your pre-planned response procedures that reside in digitized, interactive form in your private Groupdolists library.
- It provides the necessary functions to manage and coordinate the team’s response, assigning and tracking tasks — all from a smart phone.
- Groupdolists contains your pre-written, pre-approved messages and documents that can be quickly finalized and used when communicating with various stakeholder groups, including employees, customers, suppliers, local officials, investors, etc.
- It automatically archives all actions, documents, phone conversations, and any other shared media for further analysis, legal requirements and, very importantly, for training after the incident is resolved.
- Groupdolists is designed to integrate with other software, e.g., those used by outside agencies, such as law enforcement and other third parties with whom you may be coordinating your response.
- The app provides instant access to a comprehensive library of crisis-related resources based on best-of-breed response templates. The library includes successful response plans used by other companies and case studies that can help inform your response.
- Groupdolists is highly cost-effective. You’re investing a relatively small amount for software that can save far more than it costs, because it helps you end a crisis and get back to business sooner.
A mid-size business's very survival can depend on a mobile app dedicated to incident response management
Think of Groupdolists’ mobile incident response app as the response team’s fire extinguisher, always close at hand and ready to put out a fire.
Groupdolists was developed with the guidance of our Advisory Council, made up of some of the world’s most experienced cyber experts, resulting in the gold standard in incident response software. With Groupdolists, mid-size companies can climb the curve of incident preparedness cost-effectively, without the need for high-priced experts.
Our model for ideal preparedness is an integrated system we call Crisis Management Level 3.0. The Groupdolists mobile incident response technology brings mid-size companies closer to this more advanced state of response effectiveness.
We cannot let the hackers win.