Earlier this year, Microsoft President Brad Smith called on nations to adopt a so-called Digital Geneva Convention. While aimed at world governments, I doubt few would argue at the need for some set of international laws governing every nation, state and human on issues of cybersecurity.
We can all probably guess why: Cybersecurity is one of the greatest threats we face today. For some context, consider that McAfee estimates the global economic cost of cybercrime and cyberespionage at between $300 billion and $1 trillion per year.
Also think about the explosive growth of ransomware, a phenomenon by which a user or business’ data are hacked and held to ransom. Per a report published by SonicWall, ransomware attacks rose from 3.8 million attacks in 2015 to 638 million in 2016. Yes, you read that right: There were 167 times more ransomware attacks in 2016 than 2015. (Verizon's newly released 2017 data breach report also found significant growth in ransomware attacks.)
For starters, when it comes to your business applications—things like your financial, marketing and production systems—one of the smartest moves small businesses can make is to move to the cloud.
The advantages are compelling. They include the constant monitoring of infrastructure by highly trained solution providers. Also, secure servers are hosted in a variety of locations, safeguarding data better than an in-house datacenter. And, need I mention the convenience aspect? Think about it. Things like data storage, security patch management, vulnerability scanning, web application firewall, advanced threat management (you get the idea) are no longer your problem, but your cloud provider’s. And these things are managed better, which in turn makes your business more secure. I can personally attest to how seriously and effectively we manage security at SAP—the lengths we go to, the resources we put behind it—and how our customers have benefited as a result. (I encourage you to reach out to me if you question or dispute any of this.)
Yes, there have been high-profile cases of cloud security breaches—say, Target and Apple’s iCloud. But, as Trip Wire points out, these “breaches were a result of human error, not shortcomings of the cloud.” In fact, human error is the primary cause of the majority of security breaches. A 2014 IBM report indicates that, in more than 95 percent of all the security incidents they investigated, human error was a factor.
Another way small businesses can better their security—regardless if they’re fully cloud operational or not—is to improve the collaboration between their chief security officers and their security and application teams. This is something small- and mid-sized businesses can fix tomorrow. It’s amazing to me that, in 2017, these groups often remain siloed from each other. Organizations are letting this happen at their own peril.
The need for up-to-date cybersecurity measures is something that is only growing in importance. As cybercrime evolves, and as its reach and impact increases, the attention it will demand will only increase too. This especially true for the small business community, which can no longer afford to remain blissfully indifferent. Not when it is their entire business that is on the line.