According to a 2017 published study by Advisen and Experian, one of the biggest threats facing small businesses comes from within, such as overconfidence in the organization’s ability to protect itself and recover from cyber security attacks. While businesses in the survey aren’t claiming to have exceptional cyber security plans and policies in place, there is a disconnection on how well prepared companies to believe they are compared to third-party security experts. Modesty is an often overlooked virtue in business cyber security; knowing that your business needs to continually evolve and improve practices is a defense mechanism of its own.
The People Problem
Hackers are shifting their attention to a different part of the system when trying to break in: the human aspect. Hackers are using increasingly sophisticated phishing scams through email, web-linking, and phone calls to trick humans into handing over information instead of dealing with strong technical security implementations.
According to the Experian survey, “80 percent of legal experts and 68 percent of brokers were concerned, versus just 61 percent of risk managers”, pertaining to employees able to successfully identify and avoid phishing and social engineering attacks. Businesses, then, need to emphasize employee education on avoiding phishing and social engineering attacks.
Internal Vs. External Perspectives
According to the Experian survey, on a preparedness scale of 1-to-5, business risk managers rated their employee education programs 3.36. However, legal experts and data brokers gave those same programs 2.91 and 2.57 scores respectively. This disconnect is important because it shows that businesses tend to realize that they have a lot of room for improvement but they undershoot how far their practices need to grow.
Fortunately, firms aren’t as off-base when it comes to assessing preparedness versus other businesses: 54 percent of companies report that their IT security preparedness is better than their competition. Employees further removed from the metaphorical front-lines may be more confident. According to a Deloitte study, 76 percent of business executives are “highly confident” in their firm’s ability to respond to a cyber security attack.
Different businesses face different challenges. According to a FICO survey, telecommunications businesses were the most confident whereas healthcare organizations were the least confident in their company’s cyber security protection. However, the healthcare industry perspective could stem from hackers narrowing-in on the hospitals and healthcare providers as the top target. The legal industry and financial service industry businesses are also major targets for cyber attacks.
The silver-lining in the Experian survey is that businesses and security experts are in agreement on what their biggest security concerns should be: phishing for personal/financial information, ransomware attacks, and IoT vulnerabilities. Is your business looking to improve its cybersecurity practices? The IT consulting experts at MPA Networks can help. Whether it’s through desktop support and management or disaster recovery solutions, your company can always work to improve cyber security. Contact us today!