The Not So Small or Medium-Sized Threat to SMBs
A new year has arrived. It’s 2019 and employees from Efficient Services Escrow Group are recollecting the previous weeks’ still-palpable holiday cheer. But, as the firm’s accountants review its December transactions, they see an anomaly a few short days before Christmas… something has gone horribly wrong. As news slowly breaks, employees begin to discover that $432,215.00 from its accounts in Huntington Beach are suddenly unaccounted for. The news is striking, but certainly not over, as bad suddenly goes to worse. An additional $1.1 million dollars via two unauthorized wire transfers are discovered outbound to China’s northern province of Heilongjiang. Efficient also soon discovers that the first wire transfer is resting in a bank in central Moscow.
The company’s ad hoc response is lucky enough to recover the $432,215.00 but the other transfers go unresolved. Efficient complies with California law and reports its loss of funds immediately. In less than a week from the detection of the incident, the California Department of Corporations orders the escrow company to come up with the missing funds. Unable to replace for the funds lost and caught up in a rat race to discover where, when, and how the money had been stolen, authorities are left with no choice but to shut the entire firm down.
The story almost sounds scripted – cyber criminals, hundreds of thousands of dollars being wired to foreign banks overnight, and a promising business forced to close and lay off its entire staff. Unfortunately, it’s not. This futuristic tale is an actual account from 2013. What makes matters worse for small and medium-sized businesses (SMBs) is that these nightmarish scenarios aren’t uncommon when it comes to cyber attacks. In fact, SMB’s are a principal target for cyber attacks and, according to figures from the National Cybersecurity Alliance, 60% of small businesses are forced to shut down following an attack. What makes matters worse for SMBs is that they often lack the capital to invest in adequate cybersecurity programs and staff. As a result, the enterprise risk posed by cyber threats and incidents is often accepted rather than transferred or mitigated.
Help is on the Way
With SMBs serving as a prime target for nefarious cyber attacks, the United States government is taking proactive measures to provide additional resources for small businesses to safeguard their networks. On August 14, 2018, President Donald Trump signed the NIST Small Business Cybersecurity Act (formerly known as the MAIN STREET Cybersecurity Act) into law. The act mandates that the National Institute of Standards and Technology (NIST) provide resources specifically tailored for SMBs. And they need it.
A survey of 1,420 small business owners published in March 2017 by Manta suggests that only 69% of small business owners currently have controls in place to prevent hacks. The resources provided by NIST will be designed to promote awareness of simple, achievable controls; a workplace cybersecurity culture; third-party stakeholder relationships; and cybersecurity best practices to help SMBs mitigate rather than merely accept their cyber risk. Similar to NIST’s existing cybersecurity framework and additional resources, the final products produced as a result of the new act will be voluntary resources that SMBs can tap to best fit their individual organizational needs. But what should SMBs do in the meantime while NIST develops recommendations for their cybersecurity problems?
Existing Resources
For SMBs it can be difficult to know where to start when it comes to cybersecurity. Surveying the expansive cybersecurity threat environment is challenging and knowing what technologies and tools to implement to best secure your network is equally exhaustive. But, remember, NIST isn’t your only resource when it comes to cybersecurity strategy development for your SMB. The Department of Homeland Security (DHS) and the United States Computer Emergency Readiness Team (US-CERT) have provided a list of some of the best resources to help SMBs establish a foothold when it comes to addressing their cybersecurity risks. Take time to survey this list and find out what can be helpful in mitigating your organization’s cyber risk.
- Toolkit for Small and Midsize Businesses (SMB) Table of Contents
- Begin the Conversation: Understanding the Threat Environment
- Getting Started: Top Resources for SMB
- Cybersecurity for Startups
- C³ Voluntary Program Outreach and Messaging Kit
- SMB Leadership Agenda
- Hands-On Resource Guide
Solidify Your SMB CyberSecurity Strategy with Training
So now that you have an idea of the existing and up and coming resources to fortify your cybersecurity posture, how can your organization’s personnel gain the skills necessary to back that strategy? N2K is equipped to help your organization from top to bottom. Whether you’re wanting to increase your board and executive leadership’s cyber literacy with our in-person or digital Resolve Program or need role-specific skills training through our Advance Program, N2K is here to help.