Are hackers a threat to small businesses? – Professional Advisor Blog, Borwell

What is the difference between a reactive and a proactive approach to cybersecurity? This blog discusses that question and explains why cybersecurity matters.

Everyone knows that big organisations are attacked for obvious reasons of finance, reputation, and the amount of sensitive information that can be obtained. But what about smaller businesses? Should they be concerned with cybersecurity? Smaller businesses, on average, do not have the correct technical controls in place or conduct the staff training needed to defend against common cyber-attacks. This can be due to the common misconception that smaller businesses are not targeted, or to not enough funding going into strengthening their cyber resilience.

Like all things within business, cost is a large factor. However, cybersecurity is still a crucial part of a business to maintain. Let us look at the typical cost of a breach for small and medium-sized businesses. In its 2022 report, Cost of a Data Breach, IBM explains that small businesses saw that cost increase from £1.9 million in 2020 to £2.5 million in 2021. IBM identified four process-related activities that drive a range of expenditures associated with an organisation’s data breach:

  • Detection and escalation – costs associated with reasonably detecting a breach.
    • Forensic and investigative activities
    • Assessment and auditing services
  • Notification – costs associated with notifying data subjects, regulators, and other third parties.
    • Emails, letters, outbound calls, or general notice to data subjects
    • Determination of regulatory requirements and communication with regulators
  • Lost business – costs associated with loss of customers, business disruptions and revenue lost.
    • Business disruption and revenue losses from system downtime
    • Cost of lost customers and acquiring new customers
    • Loss of reputation
  • Post-breach response – costs associated with helping victims of a breach.
    • Legal expenditures
    • Regulatory fines

A popular way to steal from companies is through ransomware. Ransomware is malware that prevents you from accessing devices and the data stored on them. This is usually done by encrypting files, after which the attackers demand a ransom in exchange for decryption. The computer itself may become locked, or the data on it might be encrypted, stolen or deleted. The attackers may also threaten to leak the data they steal.

So, what should businesses be looking out for when it comes to cybersecurity? Verizon’s 2022 Data Breach Investigations Report identified common ways that breaches occur. Here are the top 3:

  1. Criminal hacking (45%) – Malware and SQL injection, for example, are usually only possible if a criminal hacks into an organisation’s system.

What might come as a surprise is how many activities criminal hacking encompasses. It’s usually associated with computer coding, but Verizon found that the most common criminal hacking technique involved stolen credentials. This does not require any technical knowledge. Crooks can purchase the credentials on the dark web, find them written down, crack them using a password-generating machine or guess them.

Once a cybercriminal has login credentials, they can perform any number of nefarious activities, but it usually boils down to extracting information to commit fraud or sell on the dark web, or to launch further attacks, such as phishing scams.

  2. Human error (22%) – Breaches do not have to be caused by someone acting maliciously. Verizon found that more than one in five incidents was the result of a mistake made by an employee.

The most common errors involved sensitive information being sent to the wrong person. This might involve sending an email to the wrong person, attaching the wrong document or handing a physical file to someone who shouldn’t have access to the information.

The next most common cause of human error was misconfiguration, which typically involves leaving a database containing sensitive information online without any password restrictions.

  3. Social engineering (22%) – Verizon’s research found that almost a quarter of data breaches are caused by fraudsters simply acting as though they belong.

Phishing is the main example of this: cyber criminals posing as a legitimate entity send malicious emails that look genuine in an attempt to extract sensitive information from the user. Once they have that information, the malicious actors can commit fraud, sell the data, or contact a third party (such as the victim’s bank or a supplier that the victim’s employer works with) requesting information about their account history.

In conclusion, we have looked at how businesses can be breached, and how much it costs. So, what is the difference between proactive and reactive? A proactive approach means preventing breaches by strengthening security consistently, while a reactive approach means patching a vulnerability once someone has exploited it. The reactive approach is the equivalent of not buying and maintaining locks for your office doors until someone breaks in.
