The rapid evolution and growth of Internet-connected “smart” devices and systems – from phones and tablets to commercial truck telematics networks – is exposing businesses and consumers alike to a higher risk of cyber-attack, one that small businesses may not prepared to meet, according to a new survey.
A poll of 500 small businesses across a range of industries by insurance firm Nationwide indicates that almost eight in 10 small business owners or 79% don’t maintain a cyber-attack response plan even though a majority of them (63%) say they’ve been victims of at least one type of cyber-attack.
Mark Berven, president and COO of Nationwide’s property & casualty operation, noted that among the small businesses polled that did not maintain cyber-attack response plans, 46% said they felt their current software is secure enough, while 40% said they didn’t think they’d suffer a cyber-attack.
That’s an attitude Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA), said is unrealistic amid the increasingly digital environment businesses and consumers function within every day.
“The Internet is evolving into something that connects everything and everyone,” he said in a recent statement. “Our vehicles are quickly morphing into ‘smartphones on wheels,’ the number of connected devices at home and at work is rapidly rising.”
Indeed, according to recent research by Intel, the “Internet of Things” or “IoT” is predicted to connect some 200 billion “smart objects” by 2020 or around 26 smart objects for every human being on Earth.
Yet securing all of those devices poses an enormous challenge, argues NCSA’s Kaiser.
“The emerging world of IoT has the potential to be a transformational technology, but to reap its many benefits, the world of IoT must be safe, secure and trusted,” he stressed. “Individuals and businesses that adopt IoT should be sure they know how to keep the devices secure, understand what data is being collected and where it’s being stored, and how to take advantage of any available user controls for the device.”
With the increased ability to connect more devices to the Internet, businesses can enhance efficiency, save money and have better access to opportunities, Kaiser added.
But having more data can also make businesses – and their customers – more attractive to cyber criminals, he pointed out.
And the costs of cybercrime are rising, according to research by IBM, which indicated that it cost businesses about $100 billion in the U.S. every year. IBM added that the average cost of a data breach for companies with 1,000 employees is estimated at $15.4 million; an 82% increase from 2009.
"Organizations are embracing the digital world with enthusiasm, but there must be a corresponding uptick in addressing the increasingly sophisticated cyber threats,” noted Ken Allan, global cybersecurity leader at consulting firm Ernst & Young (EY).
“Businesses should not overlook or underestimate the potential risks of cyber breaches. Instead, they should develop a laser-like focus on cybersecurity and make the required investments,” he stressed. “The only way to make the digital world fully operational and sustainable is to enable organizations to protect themselves and their clients and to create trust in their brand."
EY recently surveyed 1,755 organizations from 67 countries regarding the cybersecurity issues facing businesses today and found:
- 88% do not believe their information technology (IT) security structure fully meets their organization's needs.
- More than one-third (36%) said they still lack confidence in their ability to detect sophisticated cyberattacks.
- 47% do not have a security operations center, 36% do not have a threat intelligence program, and 18% do not have an identity and access management program
- More than half (57%) said that the contribution and value that the information security function provides to their organization is compromised by the lack of skilled talent available, compared with 53% of respondents in the 2014 survey, indicating that the situation is deteriorating, rather than improving.
- The most likely sources of cyberattacks are still criminal syndicates (59%), hacktivists (54%) and state-sponsored groups (35%). However, compared with EY’s survey last year, respondents rated these sources as more likely: up from 53%, 46%, and 27%, respectively, in 2014.
"Cybersecurity is inherently a defensive capability, but organizations should not wait to become victims,” stressed Paul van Kessel, EY’s global risk leader.
“Instead, they should take an 'active defense' stance, with advanced security operations centers that identify potential attackers and analyze, assess and neutralize threats before damage can occur,” he explained. “It is imperative that organizations consider cybersecurity as an enabler to build and keep customers' trust."