Is Cybersecurity Just a Fortune 500 Concern?

When you think about cybersecurity, what is the default company type that comes to mind? Most likely you are thinking of a large corporation. This is a logical assumption because cyberattacks are usually after data, money, or both. The large companies would be the most logical targets.

This line of thinking has contributed to some nonchalance among smaller companies where cybersecurity is concerned. Management teams of companies with 1,000 employees or fewer figure they would not be worth a cyber attacker’s time and would not be of any interest. If you have made these assumptions, there is some bad news. Increasingly, cybersecurity needs to be a concern for everyone.

There are two significant reasons why smaller businesses should work on defining and managing cybersecurity risks now. The first reason applies to small businesses of all kinds, and that is simply the increase in phishing, ransomware, and other cyber incidents in this sector. The second reason is more specific to companies that are part of the aerospace or Department of Defense supply chain, where cybersecurity is not just a good idea, it is mandated.

The Small Business Cybersecurity Conundrum 

Recently, Verizon released its annual DBIR, or Data Breach Investigations Report. In the report, incidents at large businesses (1,000+ employees) are compared with incidents at smaller businesses (fewer than 1,000 employees). There were 699 cybersecurity incidents in the small business sector versus 496 in the larger companies. Of the attacks that involved smaller businesses, 98% were motivated by financial gain. Why not attack the larger companies where more money could be stolen? Larger companies are more likely to have strong cybersecurity infrastructures because they can afford to do so. Smaller companies often prioritize other things above cybersecurity and assume they are not likely targets.

What is a small business to do? Cybersecurity assessments and fixes can be expensive. Your company might need to update physical security measures as well as digital ones. You might need to update your computers or programs.

Unfortunately, the hard reality is these preventative expenditures are still going to be less than what a data breach can cost you. In the case of ransomware, you need to pay the hacker and then remediate the issue. Not only do you have to make those financial investments, but your company is probably going to be unable to run while the remediation process is happening, so money will be lost that way as well.

Aerospace and Defense Small Business Contractors 

Small businesses that work in the Aerospace or Defense industries have an extra reason to pay attention to cybersecurity. If a company handles Controlled Unclassified Information (CUI), compliance with NIST 800-171 is mandatory, and a large part of compliance is making sure your company’s cybersecurity infrastructure is assessed annually at a minimum, monitored daily, and secured all the time.

The newest iteration of NIST 800-171, Rev 3, which likely will be released in late 2024, is, like CMMC 2.0, going to call for independent assessments by a C3PAO. Many smaller businesses are concerned about the cost of these assessments on top of achieving compliance with the standard. The Department of Defense is not entirely sympathetic because contractors were supposed to be compliant with NIST 800-171 as of January 1, 2018. Whatever your sentiments, small business contractors will have to deal with these realities in the near future.

What Can Small Businesses Do Now About Cybersecurity? 

The simplest answer to this question is to begin slowly with small steps. Start training programs for all of your employees to help them avoid phishing and social engineering attacks. Schedule a meeting with Smithers to discuss your organization’s current cybersecurity situation. Implement a cybersecurity audit so you can see where the weak points are and remediate those quickly. Although these steps will not take you all the way to where you want to go, they will point you in the right direction.

 
 
