More than 2.2 billion records were stolen last year in almost 3,000 public data breaches. While the media spotlight was on big brand mishaps like that of Yahoo (over 1 billion records compromised); is it safe to assume that small businesses were overlooked by the hackers? Here’s all that we learned in 2016.

1.  Startups and small businesses face bigger challenges.

Hackers do not differentiate between small and large companies. Their automated tools often scan to find out the weakest defenses across the web. Osterman Research’s survey purports that 71% of SMEs have suffered a security breach during the previous 12 months. Since these breaches are rarely made public, most SME’s are reticent about investing in appropriate security measures and personnel to address the risks associated with protecting their brand and their customer’s sensitive data. While enterprises usually have the budget to invest in an in-house application security team, smaller companies don’t have the leisure of this benefit.

2.  Application-layer is still vulnerable.

A few years ago, Gartner found out that 70% of the cybersecurity threats were at the application layer. However, companies have failed to secure Layer 7 altogether even after all these years. Recently Ponemon Institute surveyed 600 IT leaders & found out that 49% businesses have experienced ‘Web-based (web application) Attack’ and noted these attacks as the most common threat facing businesses today. On the other hand, SANS Institute’s IT Security Spending Trends reports that companies still spend more on wireless security and network traffic visibility, which suggests that they still consider their network defenses the best means of protecting their sensitive data.  Given that the majority of security vulnerabilities exist at the application layer, it’s imperative that SMEs start looking beyond the traditional security approach restricted to the network layer. They must have a plan to manage their web presence.

3. Ransom attacks continue to grow.

Hackers have found ransomware and application Distributed Denial of Service (DDoS) attacks as new weapons to hold companies against a ransom. Last year, when TalkTalk database was breached, the company received a ransom demand from a group or individual that claimed the responsibility. They demanded approximately £80K in Bitcoins. This year, several such incidents have been reported where hackers threatened to launch DDoS attacks against companies that failed to pay the ransom.

According to a survey, 80 percent of IT security professionals believe that their organization will be threatened with a DDoS ransom attack in the next 12 months. Even more alarming is the fact that 43% of respondents believe it was possible that their organization pays for the ransom demand.

4. Customers prefer secure companies.

Nearly two-thirds (64%) of consumers surveyed worldwide, in a survey last year, say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen.

The survey also highlighted that around a quarter (23%) of respondents who have been a victim of a data breach, either have, or would, consider taking legal action against the breached company involved in exposing their personal information. With customers getting cautious of their choices, it becomes mandatory for brands to secure not only their money but also Personally Identifiable Information (PII).

 

Securing Your Business with Indusface

Year 2016 has crushed security perception for organizations around the world. No company is truly secure without shielding the ‘most vulnerable’ communication layer, i.e. Layer 7/Web Application. Indusface, through its Total Application Security solution, helps businesses detect, protect and monitor such application-layer threats including automated attacks. Offered as a service, it provides full management of the operation using subject matter experts at a fraction of the cost of hiring an in house team. It includes:

  • Latest security notification to protect your applications from known vulnerabilities
  • Periodic penetration testing
  • Business logic tests on all applications to find vulnerabilities, zero day threats and automated application risks
  • Custom WAF rules to block attacks (via virtual patching). Keep in mind that Verizon’s DBIR stated that 70-90% of all malware samples are unique to an organization.
  • Tracking malicious behavior of an attacker initially versus simply blocking the attack.
  • 24*7 monitoring to gather information such as IP address, User ID if authenticated, GEO location, navigation/user behavior and machine finger print that can help gain intel about the attacker’s methodologies to use that information in creating more aggressive blocking rules from these attackers.

Find out how it secures your business and customers with a Free Forever Plan today.

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.