Cyber-attack? That’s not going to happen to us. It might happen in a large company in another city in some country, but not here. Our company is too small to be a target of cybercrime. Breaking into our IT systems and taking over information or destroying something wouldn't be worthwhile.
This is the common way of thinking in most small and medium-sized companies, and it probably also sounds familiar to you and your colleagues. We find ourselves forced to ruin the peace and harmony with an unpleasant truth: The reality does not necessarily look like this. In fact, you might be under attack while reading this.
Let’s start by debunking some myths.
Myth #1 Only large companies suffer from attacks.
No. Typically, we only hear about the large companies – for instance, Oticon which in September 2019 suffered from an extensive hacker attack – but there are good reasons for this. First, it might be the case that large companies are forced to be open about cyber attacks. There might be rules and requirements concerning the notification of, for instance, investors which require the company to be transparent. Another explanation may be that large companies perhaps both have an IT alert and an insurance which reduce the damages and expenses, and in this way the outcome is less “harmful” to talk about.
Myth #2 Hackers only target companies with enough money to pay the ransom or those that have made themselves unpopular among the public.
No, any company may become victim of a hacker attack – regardless of industry, size, reputation, economy etc. Typically, the hackers aren’t aware of who they are attacking, since the attacks are automised. In fact, it is most often random whether company X or Y is attacked (link in Danish). One minor gap in the security system or an employee clicking a link in an email, and the avalanche sets off. The Danish Agency of Digitisation and the Danish Business Authority have, together with a number of partners, created the portal sikkerdigital.dk (link in Danish) on which you can find a number of cases with companies varying in size, which have previously gotten into troubles.
Myth #3 If all of this is true, we would have heard about those small and medium-sized companies suffering from cyber-attacks.
Attacks happen all the time, without anybody hearing about it. There can be several reasons for this, for instance, that the companies might be embarrassed at not having control of the security, or they are afraid that the customers, employees and business partners loose confidence in the company. These are some of the things mentioned by the case companies displayed on sikkerdigital.dk. However, the reason might also be that the attacks are never discovered. Sometimes the cyber criminals demand a ransom to return the control of the company files. Sometimes they simply just steal a lot of information and disappear again, without anyone noticing.
Go for a customised IT security solution
In order to beat the hackers, you are required, as a responsible company, to take the risks seriously - but be aware that your fear doesn’t turn into panic with you investing in a security package that is way too expensive for your needs.
The reverse of the medal is that you easily spend a lot of money on products that are either way too complex for your needs or too expensive compared to their actual protection. For this reason, you should go for a solution that takes your business and its IT reality into consideration.
At Netic we always start out with a dialogue with the company in question followed by a customised solution, which is based on industry standards such as ISO27001 and CIS. Our aim is to find the best possible level, so that you don’t compromise IT security, nor pay for systems and services that you don’t benefit from.