Cyber security is fast becoming a significant concern for many startups in 2020 with data breaches carrying major legal ramifications. Here are the most common types of cyber attacks and what you can do to prevent them.
When small business owners were asked what their top concerns were a decade ago, taxes might have been at the top of the list. Today, cyber security threats have taken over the number one spot on that list of concerns. In its 2019 Global Risk Report, the World Economic Forum listed data breaches and cyber threats as the fourth and fifth most serious risks that businesses around the world are facing. What does this mean for startups? Here are the seven things to know about cyber security in 2020.
SMEs are particularly vulnerable
It is a well-known fact that every company, be it a small business or a technology giant, has vulnerabilities that hackers could exploit. While hackers can target any business regardless of its size, young startups and SMEs are more vulnerable to cyber attacks than their large and established counterparts.
According to a Forbes report, there will be a 300% increase in RYUK-related ransomware attacks (a specific type of ransomware) in 2020, most of which will be targeted at US small businesses. Smaller firms are more vulnerable because they do not have enough resources to set up a robust cyber security infrastructure.
Most common types of cyber attacks
Cyber crime has evolved radically over the past several years – so much so that an average SME may not have the knowledge or capabilities to combat this threat on its own. Today, hackers are going as far as selling cyber-crime-as-a-service tools to low-level hackers. The following are the three most common cyber attacks that startups should be wary of in 2020:
Phishing attacks: This is a type of social engineering cyber attack where hackers use disguised tactics to access and steal user data.
Denial of Service (DoS) attacks: This is an attack in which hackers make network or machine resources unavailable to their intended users.
Ransomware attacks: Here, hackers hijack a company’s mission-critical data and hold it until the company pays money to get it back.
Malware attacks: With these attacks, hackers inject malicious software into your system to cause damage.
Causes of cyber attacks
In the physical world, business owners take necessary measures to safeguard themselves against crime. In the digital world, however, many business owners fail to take even the most basic of precautions, which leaves them vulnerable to cyber crime. The following are the top three causes of cyber attacks:
Unsecured Wi-Fi connections: This remains one of the main causes of cyber attacks. Unsecured networks give hackers a free pass to confidential log-in details from connected computers.
Insecure passwords: Failure to secure your passwords makes them easily accessible to hackers who can gain access to your system and launch cyber attacks against you.
Human error: According to Kaspersky, human error is the second most probable cause of a serious security breach, second to malware.
Costs of a data breach
As a startup owner, do you know how much a data breach would cost your business? According to the 2019 Cost of Data Breach Report by Ponemon Institute/IBM Security, the average cost of a data breach in the US stands at USD 3.92 million, the vast majority of which (67%) is realised within the first year of the breach. As for businesses in the Asia Pacific, Microsoft reports that cyber crime could cost businesses USD 1.75 trillion and has resulted in job losses in 67% of firms.
For the majority of businesses across all industry sectors, the biggest cost results from the loss of customers after a data breach. It’s estimated that loss of business accounts for 36% of the total breach cost. If these figures are anything to go by, you should take proactive measures to safeguard your startup against data breaches.
Legal ramifications of a data breach
As a startup owner, you should be worried not only about the financial implications of a data breach, but also about the legal consequences that may follow. Government penalties, fines, and in extreme circumstances, jail time, are some of the legal ramifications of not protecting Personally Identifiable Information (PII).
Aside from the fees and penalties usually imposed on companies that fail to protect PII, there are also penalties for companies that fail to report breaches. The Data Security and Breach Notification Act, which was introduced in the United States in 2017, requires companies to make an official report on data breaches within 30 days. The bill also stipulates that any individual who willfully or intentionally conceals a data breach could go to jail for up to five years. Similar legislation has been introduced across the Asia Pacific to tighten regulation on commercial responsibilities to protect data, including Japan’s Basic Cybersecurity Act (2014) and Singapore’s Cybersecurity Act (2018).
How to prevent cyber attacks
Key proactive measures to protect yourself and your business include:
Antivirus software: Install antivirus software on all devices. McAfee, Norton, Kaspersky, and Bitdefender have excellent options.
Regular updates: Keep all cyber security software up-to-date. Install updates for your software as soon as you receive the notification. Hackers can take advantage of weak spots in the software to access your devices.
Password security: Use strong passwords and save them through a password manager. Some examples of password managers include LastPass, 1Password, Bitwarden, and Keeper.
Two-factor authentication: Enable multifactor authentication to protect your devices.
Use encryption: Encrypt sensitive data.
Workplace training: Provide regular employee training on the importance and practices of cyber security at the workplace.
Why you need cyber security-as-a-service (CSaaS)
Building an effective cyber security team can be a challenge for a startup. One way to avoid that cost is to consider cyber-security-as-a-service (CSaaS) in 2020. With such a service, you gain direct access to cyber security specialists for a full range of cyber security services without having to manage your strategy in-house.