At least, according to cybersecurity experts.
There were around 500 million people with personal information leaked and over $2 billion stolen or lost in damages between 2015 and 2016 alone – and, chances are, you heard of at least one of the many high-profile data breaches during this time. Experian, Target and Yahoo all experienced massive data breaches within the past two years.
Beyond the private sector, government agencies such as the Office of Personnel Management (the bureau in charge of background checks on all government employees) were hit with cyberattacks, causing data leaks of over 22 million individuals who had undergone federal screening.
These numbers are quite alarming as top cybersecurity firms and analysts agree 2017 will see even more data breaches through the creation of ever-evolving and sophisticated malware.
Size Doesn’t Matter
In the cyber world, there are few things being bought and sold faster than data. Personal records, financial information, and even intellectual property are being distributed and exchanged for money or other data – and business is booming.
Organizations of all sizes were not fully aware of how this deeply embedded malware could potentially be infecting their systems without their knowledge until just recently.
The prevalence of zero-day attacks was not fully understood either. This has allowed attackers to prepare and disseminate virtually undetectable software to perform data dragnets across many networks, big and small.
It would be naïve to assume that all the data breaches occurring are currently exposed and being corrected. This is even truer for smaller, community-driven businesses that may have little to no persistent network security monitoring.
The Cost
Per the non-profit online security analysts Online Trust Alliance (OTA), approximately 82,000 cybersecurity incidents impacting more than 225 organizations worldwide were reported in 2016.
“As the majority of incidents are never reported to executives, law enforcement or regulators, the actual number of incidents causing harm combining all vectors including DDoS attacks could exceed 250,000,” OTA said.
Given this, it is well known by those affected that data breaches are expensive – and the longer the breach takes to discover, the more these costs can compound.
“If a breach took a long time to be found, then something about the existing infrastructure made it hard to discover the weakness sooner. That calls for rearchitecting the infrastructure, typically an expensive and time-consuming project. But that imperative is not always heeded,” says OTA. However, the cost of notifying victims and hiring security consultants to investigate, identify, and fix the problem can cost a company a lot more.
This is only the beginning as the costs of such an attack continue to rise when downtime, lost productivity, and the resulting lost revenue are considered.
Today’s Need For Cyber Defense
The scale of small business networks is becoming more complex as even basic technologies evolve.
Cloud deployment, fluid transfer of data across multiple devices, and the incorporation of all things Internet have made it increasingly difficult for your everyday office worker to navigate and detect threats.
For the attackers, though, nothing has changed. Malware will keep infecting these new systems and attackers will keep hunting for data to steal. “Cyber-attacks and cyber-defense is not a battle of attrition, it’s an arms race,” Ray Rothrock, CEO of Red Seal Security Analytics, says.
It is important to always be ahead in this race and, for businesses, it is becoming increasingly evident that having a full-time cybersecurity team at the ready is necessary for a fluent and successful operation.