Small businesses facing a daunting cyber challenge

Recognizing the daunting cyber-security tasks faced by the nation’s small business owners, the U.S. House Select Committee for Small Businesses advanced the Improving Small Business Cyber Security Act of 2016, just before October, which the Department of Homeland Security designated National Cyber Security Awareness Month.

“American small businesses are under cyberattack like never before,” said House Small Business Committee Chairman Steve Chabot, R-Ohio. “Small businesses employ about half of the private sector workforce and generate 54 percent of annual sales in our economy.”

Smaller businesses are actually targeted as much as large companies, and the results are often catastrophic, with average financial losses exceeding $3,600, and the subsequent loss of customers and trust leading many to bankruptcy. Lack of technological expertise has long been a concern for these business people, but now they are also facing dramatic cost increases in hiring such experts.

“We need to be doing all we can to help protect these job creators and their customers against the great and growing array of cyber-threats they face on a daily basis,” said Chabot about the need for Congressional action. “This bipartisan, common sense legislation will help small businesses access the tools they need to protect themselves from cyberattacks in this dangerous new digital landscape.”

Dramatic increases in cyber-crime have been documented during the last three years. Small-business owners need to take action against the escalating threat, including increasing their own understanding of the issues and their own exposure, as well as taking initial steps that are available without the need for expensive security support.

For instance, small-business owners and employees can minimize the chances of being a cybercrime target with policies and appropriate tools. Training on account passwords and email management can prevent many ransomware and malware attacks.  But many small businesses don’t have the expertise or the resources to extend beyond that. Business owners with limited time, training or budget for expert assistance require a new breed of simple, cost-effective tools that will enable sophisticated backup and disaster recovery, automation and strengthening of security protocols, isolation of key data from unsecured and outdated equipment  and help in planning an effective IT strategy.

While cyber security failures of large companies and agencies dominate news cycles, including potential threats to the U.S. presidential election, most industrial hacks continue to be aimed at small- to mid-sized businesses. In fact, 71 percent of cyber-attacks are aimed at businesses with fewer than 100 employees, according to a report by the Select Small Business Committee.

Adjusting to changing strategies in cyber-attacks, and dealing with the overall increasing cost of expertise, will remain a challenge, according to a number of IT sources.

According to DICE a leading IT job board, most of these jobs will command significant salaries, including projections for:

• A lead software security engineer — $233,333.

• A chief security officer – $225,000.

• A global information security director — $200,000.

• A chief information security officer — $192,500.

• A director of security — $178,333.

Cybersecurity Ventures is estimating that $1 trillion will be spent globally on cybersecurity from 2017 to 2021, citing threats from cybercrime, the ransomware epidemic, the deployment of billions of under-protected Internet of Things (IoT) devices, the “legions of hackers-for-hire” and a growing sophistication of cyber-attacks launched at businesses, governments, educational institutions and consumers globally.

Many analysts put global 2015 losses from cybercrime at about $500 billion annually, but subsequent research from leading market analysts Juniper Research, suggests that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019. The research, ‘The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation,’ found that the majority of these breaches will occur in existing IT and network infrastructure.

So it should come as no surprise that cyber-crime fueled a cybersecurity market explosion over the past five years, leading to one million cybersecurity job openings entering 2016, noted Cybersecurity Ventures.  “All signs point towards a prolonged cybersecurity workforce shortage through at least 2021” said Steve Morgan, founder and CEO at Cybersecurity Ventures.

“The demand for the (cybersecurity) workforce is expected to rise to 6 million (globally) by 2019, with a projected shortfall of 1.5 million,” said Michael Brown, the former CEO at Symantec, the world’s largest security software vendor. He said the most recent (ISC)² Global Information Security Workforce Study similarly revealed a workforce gap in the information security field of 1.5 million in the next five years.

Scott Hoot is the founder and CEO of ZFyre Inc., a Longmont-based cloud storage solution for small- to mid-sized businesses.