Atlanta Small businesses have many challenges to navigate as they evolve through the growth cycle. For some, the challenges lie in human resources issues such as attracting and retaining talent which requires not only a comprehensive employee benefits and training program, but also the proper internal infrastructure. For others, it may mean focusing on ways to diversify their client base. This may include a review of existing strategies to find ways to attract new and different types of buyers. While most are focused on managing these issues, a new report highlights the need to also focus on cybersecurity planning. According to the 2019 Data Breach Investigations Report, 43% of reported data breaches were perpetrated against small businesses. This means that small businesses need to review existing policies and procedures to ensure an optimal level of data protection. To help clients, prospects, and others, Windham Brannon has provided a summary of key findings below.
Key Report Findings
- Most Common Targets – Identifying what types of companies are most frequently targeted provides important insight on where measures can be most beneficial. According to the report, 43% of data breaches targeted small businesses, 16% targeted public sector entities, 15% targeted healthcare organizations and 10% targeted financial service companies. The number of incidents suggests cybercriminals are focusing efforts on targets of opportunity, small businesses, which often have limited cybersecurity measures in place.
- Tactics – In order to implement the most effective measures, it’s important to understand the tactics commonly used. According to the report, 52% of breaches featured hacking, 33% social attacks, 28% malware, 15% misuse by authorized users and 4% featured physical actions in order to perpetrate the breach. While it’s clear some cases involved user issues, the data is clear that hacking should be a primary concern.
- Hacking Varieties – Since hacking is the most common method of perpetration, it’s important to understand how attacks are occurring. The report found that 62% use stolen credentials, 38% backdoor of C2, 8% brute force attacks, 7% buffer overflow, 4% abuse of functionality, 3% SQLi and 3% used RFI. The high incident rate of stolen credentials offers the opportunity for businesses to add 2-factor authentication as an additional layer of security.
- Impacted Assets – Once the breach has occurred, cybercriminals target a number of different assets to inflict damage or steal data in the event chain. According to the report, 39% target the email server, 28% user desktops, 25% web application server, 22% server database, 10% media documents, 8% POS controller on server and 5% user laptops.
- Data Types Impacted – The type of data impacted during a breach can also provide insights into areas with the highest vulnerability of disclosure. The report uncovered that 39% of cases involved the disclosure of internal data, 36% credentials, 31% personal, 28% medical, 19% payment, 17% company secrets, 15% bank account information and 8% classified data.
- Targeted Industries – The attack patterns also show which industries are at a higher risk of a breach. According to the report, 29% of targets were healthcare organizations, 24% professional services, 19% finance, 12% manufacturing, 10% education, 8% public sector, 6% hospitality, and 3% were retail and retail trade companies. It’s no surprise the most heavily targeted industries are those that use, manage, and store high-value individual and financial information.
Contact Us
The type and complexity of attacks is ever-changing and the prevention tactics which work well today may be far less potent in the future. This means Atlanta companies need to regularly review, test and enhance their cybersecurity program for maximum protection. If you have questions about the report or need assistance with a cybersecurity or related issue, Windham Brannon can help. For additional information call us at 404-898-2000 or click here to contact us. We look forward to speaking with you soon.
