Middle-market companies are facing the bleak reality that
they must increasingly combat cyber threats on their own – with little help and
fewer resources than their larger counterparts. Many are finding that they are prime
targets ready for ambush by cybercriminals. Because of their modest size,
limited resources and long-held perceptions that midsize companies are too
small to be targets, hackers have capitalized on their vulnerability. Middle
market businesses have in many ways become sitting ducks at a time when cyber
threats are more commonplace, sophisticated and increasing in severity and
scale.

Alone in the fight.

With headlines focusing on breaches experienced by large
corporations, it may come as a surprise that 85 percent of all cyber-attacks
target companies with less than $2 billion in revenue. However, this group is
largely overlooked by the federal government, policymakers and law enforcement.
While recent policy efforts have been focused on helping large corporations
with complex technology, infrastructure and defenses, nobody seems to be
looking out for the most vulnerable. Not only have these efforts driven cyber
criminals to shift their focus to the middle-market, which can be just as
lucrative, but they have left midsize companies with few adequate defenses and
little guidance. Without dedicated IT security departments or sophisticated
technology defenses, these companies often have nowhere to turn.
When actually faced with a cyber-breach, it’s often like
being in the Wild West without any sheriffs. Local police generally aren’t
equipped to handle advanced cyber-attacks. And while the FBI will certainly
listen to claims of cyber threats from companies, they’re often unable to
assist, unless the attack is against a systemically critical institution or the
dollar amount of the threat or breach is extremely high.

The growing gravity of the problem.

Middle market companies are acutely aware of how alarming
the problem of cybercrime has become. They’re experiencing a significant rise
in cyber-attacks that are growing increasingly sinister. More than half
of middle market executives surveyed recently by RSM believe that an attempt to
illegally access their company’s data or systems is likely in 2019, an increase
from 47 percent in 2018. According to RSM’s Middle
Market Business Index Cybersecurity Special Report, among attacks,
ransomware has become the most popular breach method for cybercriminals,
responsible for nearly one third of losses.

With fewer resources available to respond and react, a shockingly
large number of companies that experience a major cyber breach are forced to
shut down their operations. Between 50 and 60 percent of small and
medium-sized businesses report going out of business
within 6 months of a breach, according to recent SEC
estimates. Larger middle market organizations are the most at risk because they
have high volumes of valuable data that attract cybercriminals but lack the
robust security resources of their large corporate peers.

As a result, cyber insurance is becoming more and more
pervasive, though businesses often don’t fully understand their insurance needs
or crucial details of their protection plans. Adding insult to injury, the
privacy and reporting compliance burden on middle market firms continues to
grow, with potential for even greater complexity due to individual state
mandates like California’s and Europe’s GDPR adding to their pain. And
according to RSM, only 40 percent of executives say they’re familiar with the
guidelines of GDPR or other privacy regulations.

No quick fix, but time to harden the approach.

While there are no quick or easy solutions to the problem, lawmakers
can help by providing clear guidance, tools and easy-to-find resources tailored
to the unique needs of middle market companies. For middle market businesses,
the time is now to address this unfortunate new state of cybercrime and harden
cyber defenses head on. Companies should develop and refine their cybersecurity
frameworks to protect both internal and customer data through better, more
advanced technology, streamlined processes for identifying and addressing
threats and further employee education and direction for the entire
organization. As the cyber war on middle market organizations continues to
intensify, all involved must bring a new urgency to addressing these
unfortunate new realities or risk further damage to a crucial though already
distressed segment of our economy.