Back in 2014, a code-hosting and software collaboration platform called Code Spaces was put out of business after a DDoS attack. The hacker left extortion demands but when Code Spaces started to make recovery attempts, the attacker began deleting data, backups and more.
“Within 12 hours, Code Spaces went from a viable business to devastation,” according to this story on threatpost.com.
A similar story is detailed in this Denver Post story by Gary Miller of GEM Strategy Management. An employee at a small online retailer in the Midwest clicked on a link in an email and infected the company’s entire system with Cryptowall malware. The company’s accounting software and 15,000 customer account files, including customer names, addresses, credit card numbers and Social Security numbers, which lived on the company’s network drive, were all affected. Soon it became apparent it was a ransomware attack; the criminals demanded $50K for the decryption key. The company didn’t have back-up files and were forced to pay up, but the key didn’t work; business came to a standstill and the owner closed the doors six months later.
“The U.S.’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack,” Miller writes.
These stories are more and more common.
According to a recent study by IBM, small and mid-sized businesses are the target of 62 percent of cyber attacks.
Why? They’re an easy target, and they often overestimate their cyber preparedness, according to “The 2017 Cyberrisk Preparedness and Response Survey” from Advisen, which surveyed more than 300 risk managers, insurance brokers and legal experts.
Risk managers tended to rate their network protection as above average (72 percent) while data brokers and legal experts rated their clients as average or below average in that same area (67 percent and 52 percent, respectively), and didn’t think their clients had the knowledge required to work with vendors or the government to navigate cyber risks. Seventy-five percent of brokers and legal experts said their small business clients are either “not prepared at all” or “not very well prepared” to respond to a cyber security incident.
“Time and again companies mishandle their response to high-profile cyber incidents resulting in customer churn and a diminished ability to meet anticipated revenues. The financial harm from a damaged reputation and loss of consumer confidence has the potential to exceed other cyber-related first- or third-party financial losses,” according to this story from CreditUnionTimes about the report.
Preparedness is key. Companies who have a data breach plan in place are better able to respond quickly and contain threats, which often times saves them money in the long run, a 2016 report from the privacy and data protection team at BakerHostetler concurs.
“Being ‘compromise ready’ better positions companies to respond to data security incidents faster, contain the threat and potentially lessen the severity of these events,” said Theodore Kobus, the chair of BakerHostetler’s privacy and data protection team, in a law360.com article about the report’s findings. “What we found is that companies which have a program in place, and who are conducting tabletop exercises and incident response workshops, are better prepared to detect incidents, which help them more timely respond to incidents,” Kobus said.
This is where LibertyID for Small Business can help. When a small company has a data breach it causes severe damage to the organization, its employees (no matter how their identity is compromised), customers and reputation. LibertyID for Small Business prepares you with prevention planning, a crisis response plan and fully managed identity theft restoration for your employees and for your customers should you experience a data breach.
Our service includes an hour of consultation with a well-qualified attorney who has extensive data breach response experience. The attorney will review the circumstances of the event, answer general questions, identify critical issues and develop next steps, including a custom data breach notification plan with consumer and regulatory notice templates, recommended content and a required timeline. When a data breach happens, our team of specialists goes to work.
Is your business covered for a data breach?
Get Covered
Image: Unsplash