Ignorance Of Cyber Threat Creates Conundrum For Small Business Data Security

McAfee Labs recently published its 2018 Threats Predictions report, and after a year of high-profile cyberattacks and data breaches, analysts say the threat won’t let up in the new year. A rising challenge for the enterprise is the fact that cyberattackers are becoming increasingly sophisticated in their methods. According to McAfee, while companies are embracing innovations like machine learning to safeguard their systems, attackers, too, are using these same tools.

“Machine learning can process massive quantities of data and perform operations at great scale to detect and correct known vulnerabilities, suspicious behavior and zero-day attacks,” McAfee said in its report. “But adversaries will certainly employ machine learning themselves to support their attacks, learning from defensive responses, seeking to disrupt detection models and exploiting newly discovered vulnerabilities faster than defenders can patch them.”

If there’s one thing the enterprise has learned this year, it’s that a data breach can happen to any business — including small businesses (SMBs). Or, according to the latest data, many small businesses haven’t learned this lesson.

In this week’s B2B Data Digest, PYMNTS dives into new research about small businesses’ data security and cybersecurity efforts. Small businesses seem quite confident in their ability to protect themselves and their customers’ data, but according to researchers, that confidence is likely misguided.

 

—60 percent of SMBs said they don’t follow PCI DSS or HIPPA rules when storing customer credit card and banking information, according to new research from Clutch. The firm surveyed 300 small businesses about how they store data in the cloud and found that the majority aren’t following the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPPA) as required by law. Clutch warned that fines for non-compliance with these rules can reach into the millions of dollars.

—54 percent of SMBs that store medical data in the cloud admit they don’t follow storage industry regulations, meaning these businesses could be putting sensitive company and consumer data at risk, Clutch also found.

—90 percent of SMBs are at least “somewhat” confident in their cloud storage’s security, a 3 percent increase from 2016 figures. That statistic is troubling, considering so many small businesses are actually lagging in cloud data security, according to the survey.

—60 percent of small firms say they use encryption to safeguard data in the cloud, the most common security measure cited by SMBs in Clutch’s survey. More than half (58 percent) said they train employees in data security, and 53 percent said they use two-factor authentication, though Clutch warned that businesses should be using more cybersecurity strategies than these three methods alone.

—74 percent of SMBs don’t have cyber liability insurance, according to separate research from Insureon. The small business insurance company surveyed 2,500 members of the small business community Manta, and the results suggest that the SMBs that aren’t following data storage regulations may not only be at risk for fines, but could face added-on consequences if they go uninsured.

—25 percent of small firms have consumer data that is susceptible to an attack on their business network, Insureon found, while nearly a sixth said they have already experienced a data breach.

—82 percent of small businesses told Insureon they don’t feel they’re at risk for a cyberattack or data breach, echoing similar sentiments found by Clutch: SMBs could be ignorant to their cybersecurity threats, despite many having already experienced an attack. Insureon President Jeff Somers said in a statement that the research is “surprising, considering the amount of media circulating about mass data breaches and cybersecurity. Many small business owners have their whole life savings tied up in their businesses, and they don’t understand how vulnerable they are to a cyberattack.”