National Cybersecurity Awareness Month in the U.S. and CyberSecMonth in Europe are coming to a close, but that doesn’t mean it’s time to sit back and relax. Cybercrime is a year-round threat that requires year-round vigilance and proactive security measures.
To close out the month, let’s recap the top takeaways from the Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, sponsored by Keeper Security.
- Cyber attacks are on the rise globally and becoming more targeted and sophisticated; 66% of respondents reported being attacked in the last 12 months.
- The U.S. is leading the world in cyber attacks; 76% of U.S. SMBs were attacked in the last 12 months, compared with only 55% in 2016.
- Cyber attacks are evading technical security defenses; 69% of SMBs worldwide experienced cyber attacks that got past their intrusion detection systems, and 82% were targeted by attacks that their anti-virus solutions didn’t catch.
- Cybercriminals are favoring social engineering schemes that rely on deception. Over the last 12 months, the most common cyber attack types globally included phishing (57%), compromised or stolen devices (33%), and credential theft (30%).
- Cyber attacks frequently involve the theft of sensitive data; 63% of businesses in the U.S. and Western Europe reported the loss of sensitive customer or employee data.
- SMBs are ill-prepared to defend themselves. Nearly half (45%) of respondents to the Ponemon survey described their IT security posture as ineffective, and one-third have no incident response plan.
- SMBs aren’t securing their employees’ passwords. Only 45% of respondents reported that their organization had a password security policy — and out of those, only 32% strictly enforced it and required the use of a password manager.
Potential solutions
Technical defenses such as firewalls, anti-virus software, and intrusion detection systems are important, but they’re useless against phishing and other social engineering schemes, which is why cybercriminals are favoring these techniques. It is crucial that companies educate their employees on cybersecurity awareness and best practices, such as how to identify phishing schemes.
However, employee education isn’t enough. Robust password security would prevent most data breaches. Every business needs to:
- Require strong, unique passwords for every account
- Prohibit sharing of passwords
- Require 2FA
- Require the use of a password manager
Learn more during our upcoming live webinars
We hope you can join Keeper and the Ponemon Institute for one of our live webinars as we discuss the findings of the Ponemon 2019 Global State of Cybersecurity in SMBs study and what SMBs can and should be doing to protect themselves from cyber threats.
U.S. webinar: Wednesday, October 30, 1:00 p.m. ET
U.K. and Europe webinar: Thursday, 31 October, 2:30 p.m. GMT