As we roll in to 2020 it’s important to have a crystal clear view of the cyber threat landscape ahead.
One thing 2019 taught us was the cyber-criminal landscape is expanding, and the majority of cybercrimes have shifted towards the small-midsized business (SMB) world.
This is primarily due to lack of cybersecurity awareness and education, and not having basic security controls in place. As a result, the cyber-criminals view SMB’s as “low hanging fruit” and we predict that more SMBs will become victims of data theft, ransomware, or malware attacks in 2020.
This is exactly why SMBs must begin implementing basic security controls to avoid becoming a target. So to kick off the New Year, I am officially challenging all SMB leaders to adopt the following 10 Security Controls in 2020:
Top 10 Security Controls for SMBs to Have in Place in 2020
- Have an Information Security Policy and Update Annually
- Appoint or Hire an Information Security Officer that is Qualified for the Role
- Conduct a NIST SP800-53 Security Risk Assessment
- Conduct Quarterly Vulnerability Assessments of your network
- Have an Access Privileges Policy
- Have a Third-Party Service Provider Security Policy
- Perform Annual Security Awareness Training with Executives and Employees
- Encrypt Data in transit and at rest
- Have a Multi-Factor Authentication (MFA) Policy in Place
- Have an Incident Response, Disaster Recovery & Business Continuity Plan – Test Annually
These basic security controls, once properly implemented, will reduce the risk of a data breach by as much as 70%.
Ransomware Attacks on SMBs in 2019
I would sum up 2019 as the Year of Ransomware Attacks on SMBs. Here in Central Florida alone, we responded to more ransomware attacks than in previous years… and ironically, all of the victims were SMBs. In some cases, the victims were forced to pay the ransom or risk filing bankruptcy, due to not having proper backups in place. They would have lost every bit of data within their infrastructure. Some had to shell-out well into five figures for digital forensic & incident response services. That does not include the costs of lost productivity and potential lawsuits. Building a sound cybersecurity program would have amounted to a fraction of that cost.
As machine learning and artificial intelligence continue to evolve, we expect more ransomware attacks to take place on SMBs in 2020. So, here in lies my challenge for SMB leaders: step up and join us in our quest to implement the Top 10 Security Controls we’ve outlined in this month’s article. This is our way of helping the SMB world have 20/20 in 2020!