Even though most midmarket IT leaders know that cyber attacks will devastate their bottom line, they only devote a minuscule amount of their IT budgets to combating those attacks.
If you’re like most midmarket IT leaders, your company’s infrastructure is your central nervous system. It goes without saying, perhaps, that an attack on that infrastructure would be devastating.
With that in mind, perhaps it’s not surprising that a recent survey by the National Center for the Middle Market found that more than 90 percent of business thought a cyber attack would impact their bottom line, and two-thirds thought it would be significant.
What is surprising, however, is that companies are dedicating a minuscule 6 percent of their IT budgets to combat cyber attacks.
We don’t need to recount any of the myriad malware, ransomware, or spear phishing attacks that have taken place across the country and around the world in recent months.
Real numbers illustrate real problems
But here are some hard numbers that illustrate that it’s not just the National Center for the Middle Market survey that indicates how much and how fast the issue has grown in our collective conscience.
The recent Verizon 2017 Data Breach Investigations Report found a 50 percent increase in ransomware attacks over last year’s report. The report also found a whopping 95 percent of phishing attacks are tied to the installation of software on a user’s device while 43 percent of data breaches involved phishing.
Interestingly, and relevant not only to the National Center for the Middle Market report, but also for attendees of our upcoming MES Fall event in San Antonio, 61 percent of victims in the Verizon report were businesses with fewer than 1,000 employees, so those small and medium-sized businesses are clearly a target for cyberattacks. Unfortunately, the narrower margins facing those in the midsize enterprise make cyberattacks a devastating proposition that all too often becomes a reality.
There are some things that midmarket IT leaders can do, however, to fight back and improve your cybersecurity defenses:
· Keep data only on a “need to know” basis
· Train your staff to spot early warning signs
· Encrypt all sensitive data
· Patch promptly
· Set strong passwords
· Use two-factor authentication
Once you’ve done that, it’s time to move to the next phase of your cybersecurity protection:
· Update your operating systems
· Back up your files
· Don’t click emails you aren’t expecting
· Disable macros
· Isolate problems
· Adopt a multi-layered approach
What else can you do?
We’ll be talking more about the challenges of cybersecurity in the midmarket at our Midsize Enterprise Summit fall conference next month in San Antonio. We’ve got multiple sessions discussing how IT leaders can protect their organizations from ransomware and how to avoid other IT risks.
If you want to attend MES Fall 2017 to meet with peers along with tech suppliers that include solution providers and vendors, you can register for the Midsize Enterprise Summit conference for senior IT leaders of midmarket companies.
Please let me know your thoughts at email@example.com.