According to Verizon’s 2020 Data Breach Investigations Report, small businesses are increasingly the target of cybercriminals. The report, which analyzed more than 157,000 cybersecurity incidents, found that 28% were directed at small businesses. Previously, cybercriminals targeted larger organizations as the rate of return was often higher. However, a transition to cloud computing and the use of social engineering attacks, like phishing scams, has increased the risk for small businesses.
In response, small businesses need to prioritize cybersecurity, as a data breach has an outsized effect on smaller organizations. Among other recommendations, the report encourages small businesses to invest in continuous vulnerability management, like MDR (Managed Detection and Response), and secure their email infrastructure to protect themselves from the growing threat of phishing attacks. It’s also essential that companies recognize and identify insider threat sources and eliminate them as quickly as possible.
Knowing that small businesses often lack the in-house cybersecurity resources to implement a 360° defensive strategy, ISM partners with small businesses to fill that gap effectively and affordably to provide essential cybersecurity support when an attack occurs.
New Trouble Comes From Users Who Rarely Update Their Passwords
Using tools and services that support good password hygiene, offering things like single sign-on, two-factor authentication, and other password-oriented enhancements, and enforcing stricter password reuse and sharing policies can help mitigate the risk of password compromise.
Despite years of advocacy and continual advice to update passwords frequently, the majority of victims fail to follow through on this priority. According to research by the Carnegie Mellon University’s CyLap, even after a data breach, users rarely voluntarily update their credentials, and only 13% even did so within three months of a known breach.
Updating passwords consistently is an essential security tool. Part of protecting a company’s data and systems from bad actors requires knowing when that company’s credentials have been compromised – and it isn’t always your company’s fault. A third party breach, or breach of a client or vendor, could put corporate passwords at risk unexpectedly.
Given the high number of compromised credentials available on the Dark Web, updating passwords after a breach is a critical recovery act that helps limit the scope and impact of the breach. Dark Web ID is an essential tool for finding out if company credentials have been compromised in someone else’s breach.
If you’d like to review your cybersecurity policies and procedures or request a free Dark Web scan, reach out to us at (406) 443-8386 for a discussion.