Cybercrime is a non-discriminatory big business that’s growing at an alarming rate. According to Cybersecurity Ventures, it’s projected to cost the world $6 trillion by 20211.
What’s worse, cybercriminals have found a sweet spot – small businesses.
Approximately 60 percent of small businesses have already experienced a cyber-attack in the last 12 months2. And with the average cost of recovery from successful intrusions at $1.5 million, they can no longer afford to ignore the risk3. A company could also lose all of their customer data, experience a loss in production and sales, and take a hit by the negative publicity of a breach. And on top of that, they will have to repair their systems and establish greater security.
Despite these unsettling facts, most small business owners aren’t prepared to prevent, detect or respond to a cyber-attack. They think that because they are small, hackers won’t waste their time on them.
That misguided optimism can lead to trouble for many small businesses. Because they believe they are unlikely victims, approximately 51 percent of small businesses don’t allocate budget to protect their networks and their data3. They also don’t make an effort to hire cybersecurity experts because they are expensive and scarce. They place a low priority on security awareness training, and they lack the type of mobile device protection that is important for a mobile workforce.
Hackers know that small businesses often have insufficient security practices, making them ideal prey.
But there is much more at stake than just the dollar figures. These intrusions not only result in lost revenue but can lead to massive operational disruption, and the loss of intellectual property. They can affect customer relationships and the company’s public image, and in the worst cases, involve litigation and crippling legal fees.
The mobile vulnerability
Simply put, mobile devices are the most vulnerable endpoints and provide cybercriminals a target-rich environment for intrusions into companies’ networks. Here is why:
- Mobile users are three times more likely to fall for phishing scams, according to IBM4. In one survey, more than half of Outlook users received – and accessed – at least one, and sometimes multiple, phishing URLs on their mobile device.
- Two out of three mobile devices are running vulnerable operating systems.
- Using Wi-Fi or other public networks vastly increases the risk of intrusion by cybercriminals.
- As mobile users access the internet or emails from their mobile device, their chances go up of clicking on a malicious website or downloading something nefarious.
With one business falling victim to a ransomware attack every 13 seconds5, small businesses need to take steps now to protect their networks and their data.
Fighting the battle
The best way to keep a hacker out of your mobile devices is by a combination of preventative measures and actively monitoring for any threats that may have slipped through your defenses. That includes:
- Locking down apps and restricting them to authorized users
- Limiting the online sites a user can access and what files can be downloaded
- Managing mobile devices so that if one is lost or stolen you can quickly lock it and wipe its data
Mobile device management solutions do just that. But this type of prevention won’t stop everything. A user could still click on a nefarious link in an innocent-looking email, for instance, and open the door to a malware infiltration that could lead to intrusion into the company network.
The best approach is a sophisticated mobile threat detection tool such as Sprint Secure Mobile AI. By leveraging artificial intelligence, it detects malicious activity automatically, based on behavior data and other indicators of potential risk.
Constantly monitoring devices for malicious behavior, it can dynamically detect known and unknown threats in real-time and present that information in an intuitive way, providing end-to-end context.
Importantly, it can also provide rapid incident response recommendations and even automatically take action on its own when malicious activity is discovered.
The forensics of mobile threats are critical elements to keeping a single compromised device from growing into a cyber attack. Quick analysis and action is essential. By understanding the details of the threat, such as any changes made to the device by the intrusion, identifying the source of the attack, or samples of the malware used, it vastly improves a company’s ability to defend itself.
Not if, but when
Unfortunately, the question isn’t if your company will be attacked, but when. Properly securing your network and your mobile devices is not something you can put on the back burner. When you consider that a cybercriminal can compromise your entire company by successfully hacking into a single mobile phone, you can see why focusing on cybersecurity is not something to be taken lightly.
A comprehensive mobile security solution, combining Sprint Secure Mobile AI and mobile device management, can protect against those risks and more.
2 2018 State of Cybersecurity in Small & Medium Size Businesses report (Ponemon/Keeper Security)
4 Small Business Trends