Keeping Your Business Cyber Secure

Picture

​News headlines tend to highlight only wide-scale attacks against large enterprises. However, most attacks target small and midsize businesses (SMB). In relative terms, these attacks often are much more costly to smaller targets.
 
Targeting small and midsize businesses makes more sense than it might seem. Cybercriminal groups are ruthlessly efficient. They want the biggest bang for their buck, which often means the SMB segment. The following sections outline five reasons that make these businesses inviting targets.
 
No. 1: Your data is valuable
Most companies have information they want to keep secret: customers’ credit card numbers, employees’ personal data, or it could be something as valuable as the keys to the business banking account.
 
A New York mannequin maker learned that lesson the hard way in 2012 when it lost $1.2 million within a matter of hours through a series of fraudulent wire transfers. Cybercriminals breached the firm and got its online banking credentials. The company’s anti-virus (AV) software never detected anything amiss.
Sarah E. Needleman (The New York Times). “Cybercriminals Sniff Out Vulnerable Firms.” July 2012.
 
In addition to having valuable data of their own, most SMBs do business with larger companies. Often this includes ties into partners’ computer systems or access to their sensitive data and intellectual property. Even if you are not the ultimate target, only a few hops separate you from a valuable target.
 
“It might not be your data they are after at all,” the Verizon Data Breach Investigations Report states. “If your organization does business with others that fall within the espionage crosshairs, you might make an excellent pivot point to their environment.” You might think of yourself as a small fish, but you are connected to bigger fish.
 
No. 2: Attacks offer high returns for criminals with minimal risks
The Internet connected the globe in ways barely conceivable just a few decades ago. It has opened up outside markets, uncovered lucrative niches to serve, and created brand new ways of doing business.
 
The dark side of this progress: the Internet has also made attacks possible from anywhere in the world. Attackers are rarely caught, let alone punished. Advanced malware typically resides in infected systems for weeks, even months, before conventional security tools detect it. Some malware quietly cleans up after itself after exfiltrating data to make a clean getaway. Moreover, in some cases, attackers are even sponsored by their home government.
 
Those factors are amplified when it comes to SMBs, which are usually less able than their larger counterparts to detect and counter advanced threats. With much to gain and little to lose, cyber attackers have strong incentives to attack.
 
No. 3: SMBs are an easier target
SMBs face the same threats as large enterprises but have a fraction of the budget to deal with them. More than 40 percent do not have an adequate IT security budget, according to a survey by the Ponemon Institute: “The Risk of an Uncertain Security Strategy Study of Global IT Practitioners in SMB Organizations.”
 
Unlike big corporations—with dedicated roles for chief information security officer, chief information officer, and the like—the general IT director at a small or midsize business wears many hats. Only 26 percent of small and midsize companies in the Ponemon survey were confident their firm has enough in-house expertise for a high-security posture.
 
Likewise, many smaller companies lack strong security procedures and policies. According to a September 2013 survey sponsored by Bank of the West, only 36 percent of small business owners have data security policies.
 
Most cyber attackers follow the path of least resistance. In many cases, this means targeting the very businesses that can least afford to be hit.
 
No. 4: SMBs have their guards down
The statistics are clear: a small or midsize business is more likely—not less—to face an attack compared with large enterprises. Nearly 60 percent of small and midsize businesses in the Ponemon survey do not consider cyber attacks a big risk to their organization and forty-four percent do not find high-security a priority.
 
Despite a growing tide of cyber attacks, 77 percent of SMBs believe that their company is safe from cyber attacks, “showing that some small businesses are operating under a false sense of security.”
 
Many businesses assume that they do not have anything worth stealing. Others are unaware of the volume and sophistication of today’s attacks. In either case, the effect is the same: the business remains vulnerable. As the Verizon Data Breach Investigations Report puts it:
 
“Am I a target of espionage? Some may already know the answer to this question by firsthand experience. Many others assume they are not or haven’t thought much about it. Despite the growing number of disclosures and sometimes alarmist news coverage, many still see espionage as a problem relevant only to the Googles of the world. Unfortunately, this is simply not true.”
 
No. 5: Most SMBs use security tools that are no match against today’s attacks
The defenses most SMBs have in place today are ill equipped to combat today’s advanced attacks. Firewalls, next-generation firewalls, intrusion prevention systems (IPS), AV software, and gateways, remain relevant security defenses. However, they are woefully ineffective at stopping targeted attacks.
 
These technologies rely on approaches such as URL blacklists and signatures. By definition, these methods cannot stop powerful attacks that exploit zero-day vulnerabilities. If an IPS or AV program does not have the signature of a new exploit, it cannot stop it. When highly dynamic malicious URLs are employed, URL blacklists do not cut it.
 
Most defenses stop known attacks. But they are defenseless against unknown advanced targeted attacks or zero-day threats.
 
Recommendations: Here are two key steps toward shielding your business from the growing scourge of data breaches.

  • Assume you are a target: Your data is valuable. And you likely have ties to bigger, high-profile business partners. Given that today’s advanced attacks can easily bypass most security tools, you may have been breached and not yet know it. By assuming that you are in cyber attackers’ crosshairs, you can better prepare yourself against the inevitable attack.

  • Deploy a security platform for today’s attacks: SMBs must take a radically different approach. They need to implement a security platform that can detect and block both known and unknown threats with real-time, coordinated security. Today’s attacks exploit previously unknown, zero-day vulnerabilities, easily bypassing signature- and reputation-based defenses. Even with constant updates, standard security products cannot keep up with today’s fast-moving, ever-evolving threats. By the time most products can update their databases of known malware and high-risk Web addresses, attackers have fashioned new and undetectable attacks.

  • Know your risks: Be aware of the latest security risks and partner with a security specialist to better help your SMB to combat any threat to sensitive information.

 
 
Contributor 
Mr. Tomas Santos-Alejandro is Advent Service’s VP of Operations. He can be reached at info@adventsvcsllc.com or (850) 441-2915. Advent Services (www.adventsvcsllc.com) specializes in Information Technology and Security services for government and private sector organizations.


Understanding B Corporation Certification


​“The most powerful force in the universe is compound interest.”  Words said to be spoken by genius Albert Einstien.  I am writing to share the truth behind this principle, and the genius idea put into action by individuals and organizations who believe in social responsibility and positive environmental impact. The topic is B Corp certification. 
 
B Corp stands for Benefit Corporation and companies under this type of certification recognize the impact of applying the principle of compound interest to business.  This is a new class of corporation that voluntarily meets different standards of corporate purpose, accountability, and transparency. Businesses are the most powerful force in the world affecting social, economic and environmental outcomes.  B Corporations are “people using business as a force for good.”  They are a community of individuals and companies who are more purpose driven than profit driven, and they are changing the way organizations communicate and interact with those affected by their operations.
 
This community of ambitious individuals has been around far longer than the certification.  Although, the development of it is significant to a sustainable future.  Introduced in 2006 by the nonprofit B Lab, the B Corp Certification is inspired by those already working with the belief that systems should exist to serve society.  Now it has become a big stamp of validation for the companies who are working hard to make a difference and set a framework holding all organizations accountable for their actions.  As of this writing, there are 1,468 Certified B Corporations, across 42 countries and from a variety of 130 different industries, whom all share one unifying goal “to redefine success in business.” 
 
Amavida Coffee and Tea is a Certified B Corporation and Florida Benefit Corporation. To achieve certification, all B Corps must undergo a rigorous investigation of business policies and procedures and are scored on four facets: Governance Structure, Employee Engagement, Community Involvement, and Environmental Impact. All B Corps voluntarily meet higher standards of transparency, accountability, and performance making them powerful agents for change.
 
Amavida Coffee and Tea is an importer, roaster, and purveyor of Organic and Fair Trade specialty coffees. Amavida operates several cafes in the Florida Panhandle and maintains a thriving coffee roaster and wholesale operation that focuses on providing the highest-quality Organic and Fair Trade coffees in the industry.
 
Amavida Coffee and Tea is a member of Cooperative Coffees, a green coffee importing cooperative comprised of 23 community-based roasters throughout the United States and Canada. Cooperative Coffees shares Amavida Coffee and Tea’s vision to promote transparent Fair Trade and sustainable development alternatives and believes that the Fair Trade movement goes beyond the importation of fairly traded coffee and products. Amavida Coffee and Tea and Coop Coffees work together to promote fair buying practices and work to ensure that partnering farming communities are being properly cared for and educated.
 
We believe that true fair trade is essential to creating a sustainable, honorable, and honest business. This occurs by building long-lasting, deep-rooted relationships with farmers and by creating a real partnership; we pay what is earned and deserved. Amavida Coffee and Tea shares the vision of B Corp to redefine success in business by creating higher quality jobs and improving the quality of life for our community, as well as the communities of our trade partners.

Picture


Jennifer Griffin 
Project Coordinator