A total of 95 percent of business owners don’t feel secure against any kind of cyber attack, according to a recent survey by a global advisory board.
Further, only 60 percent of those surveyed by The Alternative Board (TAB) have a cybersecurity response in place.
“People thought the onslaught of PCs into the accounting departments was a boon,” said Chris White, founder of Corporate Performance Group, a business management consulting firm in Tulsa.
“Any offsets in costs were not forthcoming as people in many other departments got their own PC and started doing their own accounting in pursuit of answering the question of ‘What does all this data mean?’ Once people began answering that question, they began to create value.
“Putting valuable information online and in real time encouraged developers to rely on hardware controls as system and program controls were difficult to develop. That information being online was ultimately too much to resist for the cyber criminal,” White said.
“The survey revealed to me that too many business owners are 10 to 15 years behind the times when referencing most anything to do with the internet.”
Corporate Performance Group sponsors Tulsa’s arm of TAB, an international organization providing peer-to-peer advisory and executive coaching services. Its survey received more than 300 responses, said Jodie Shaw, chief marketing officer for the Westminster, Colo.-based TAB.
“Many security attacks can’t happen without hackers finding an open window or some way to get in,” Shaw said by telephone. “Often, that way to get into a business’s database or technology happens unbeknownst to the business owner through something very innocuous, like a team member opening a link and inviting a virus in or inviting ransomware in.”
Shaw recalled a test for a company during which she sent employers an email that read simply “Hey, check out this link.” Twenty percent of the workers clicked on it, setting in motion a faux virus.
“Business owners need to make sure every team member knows how to identify suspicious emails and to not to rely on spam filters to catch all of them,” she said.
According to the survey, the biggest roadblock to implementing the best cybersecurity measures is time (43 percent), followed by resources (32 percent), expertise (30 percent), and capital (29 percent). The average amount spent by a business on cybersecurity measures was about $9,000.
“If they are only spending an average of $9,000 yet they don’t feel secure, then either they are investing in the wrong way or they are investing in a way that is actually not making them feel secure,” Shaw said.
Business owners are most fearful of data loss and consider credit card skimming as the most probable form of attack (35 percent), followed by malware (26 percent), phishing and website hacking (both 22 percent) and ransomware (21 percent), according to the survey.
“Solutions to those problems are at hand; it should represent no outlay of effort to obtain them at reasonable costs,” White told the Tulsa World in an email. “These should be on any company’s “high priority” list, as the timing for this was 10 to 15 years ago. If the company lacks the internal capabilities to accomplish this, outsource.”