5 Questions to Identify and Mitigate Hidden Security Threats

'Cybersecurity threats don't discriminate by company size, industry, or geographic footprint.'

Cybersecurity In A Bubble

PHILADELPHIA, PA / ACCESS Newswire / While mass outages like 2024's CrowdStrike event can bring small businesses and major corporations alike to their knees, small technical issues or IT events are far more common and can shut down business functions with equally devastating effects.

"Surging security and cybersecurity threats don't discriminate by company size, industry, or geographic footprint. In today's high-risk security environment, an attack is all but inevitable," says Erik Eisen, CEO of CTI Technical Services, a leading provider of IT support and cybersecurity services. 

According to a recent survey by New Relic, the median number of annual outages among respondents was 232, with more than half experiencing weekly low-impact disruptions. IT teams spend 30 percent of their time (the equivalent of 12 hours per 40-hour workweek) addressing interruptions ranging from network failures and third-party service issues to human error.

Cyberattacks are also surging, and small businesses are a favorite target. Attacks against small businesses increased by 150 percent over a two-year period at an average cost per incident ranging from more than $825 to nearly $654,000. More than 73 percent of U.S. small business owners reported a cyberattack in 2023, most of which compromised user credentials. Further:

  • Financial motives are behind 98 percent of cyberattacks on small businesses.
  • System intrusion, social engineering, and basic web application attacks represent 92 percent of all small business breaches.
  • An average small business with fewer than 100 employees will receive 350 percent more social engineering attacks than larger enterprises.

A Proactive Stance

When it comes to IT events and cybersecurity attacks, it is a matter of when, not if, for businesses of all sizes. However, there are several steps companies can take to mitigate their risk, starting with a self-assessment to determine areas of vulnerability. This doesn't require an IT expert; just answers to a handful of questions in the following five areas:

  1. Staff training: Is your team trained in cybersecurity best practices, including recognizing phishing attempts and the need for strong passwords, and is this training updated regularly?

  2. Security safeguards: Are security measures in place that minimize human errors (e.g., email filters, browsing restrictions, multi-factor authentication), particularly around personally identifiable information (PII) access? Are they kept current?

  3. Software patches and updates: Are procedures in place for installing the latest patches and updates to software and systems to protect against emerging threats and harden existing vulnerabilities? Are they followed?

  4. Vendor security profiles: Do vendors, partners, and any other entity that may access the company's systems have proper cybersecurity and security protocols to prevent a breach on their end from impacting your operations?

  5. Business continuity: Is a business recovery and continuity plan in place to get operations back up and running after a breach? Is it regularly reviewed and updated as needed? Are staff aware of the plan and trained in its deployment?

Responses will help determine if broader protections are required and if engaging with an IT service provider is warranted. If it is, look for a provider with cybersecurity experience that offers, at minimum, proactive monitoring, regular security assessments, and staff training. Prospective partners should also have a deep understanding of industry-specific compliance requirements. And during the evaluation process, be sure to ask prospects about their response times and disaster recovery capabilities and obtain (and check) references.

"Security and cybersecurity protocols don't have to break the bank, but they do need to be a budget priority," says Eisen. "Many policies can be implemented internally. For those that can't, the right IT partner will have the skills, experience, and flexibility to lower your risk profile in 2025 and beyond."

For more information on CTI's security and cybersecurity services, visit ctitechnicalservices.com.
