Whitepaper: Cybersecurity Compromise Assessment

COMPROMISE ASSESSMENT – EXPOSING CLEAR & PRESENT CYBER THREATS

A compromise assessment is a process that retrieves and examines the log files for all types of devices on your organization’s network. It is a historical look at what has been occurring on your organization’s network. When examined through a security lens, the log files provide an evidence-based view of what traffic, activity, and events have been occurring on your network in aggregate and individual devices. According to John Simonds, Mission Essential CTS Senior Security Analyst, “Policies, procedures, recommended configurations, and testing, are all critical parts of an information security program and prescribe how things ‘should be’ done.” 

This assessment is an advanced approach for classifying and prioritizing detected vulnerabilities and unknown security breaches, malware, and areas of unauthorized entry. It’s important to note that a compromise assessment doesn’t look at security policies or check point-in-time; it merely looks at aggregate, factual data. It neatly provides an analysis of events that are or likely are concerning from a security infrastructure standpoint. Simonds adds, “The goal [of a compromise assessment] is to discover nothing suspicious, and nothing out of the ordinary. However, that’s not always the case.” 

THE CYBER THREAT INDUSTRY & CRITICAL NATURE OF COMPROMISE ASSESSMENTS

Cyberattacks used to be the stuff only seen in movies. Now they’re an all too common reality.  And the threat of a cyberattack is only increasing. Security breaches have increased 67% annually in the last five years alone. And it’s not just big companies that are at risk for cyberattacks. SMBs are at high risk, too. In 2018, 58% of cyberattack victims were small businesses. Despite these stark truths, many SMB owners lack preparedness to prevent, detect, and respond to cyber threats. “Smaller businesses often lag behind larger companies in preparedness,” Simonds notes. 

The consequences of a cyberattack – loss of data, economic loss during downtime, the cash spent to remediate the attack, and the reputational damage – all add up quickly. With risks and consequences that high, SMBs must prepare by making data security a top priority. A cybersecurity compromise assessment is the first step. 

LOSS OF DATA

While hackers attack every 39 seconds, one of the most expensive components of a cyber breach is the loss of information. The average cost per stolen record is $150. Furthermore, 53% of companies have more than 1,000 sensitive files that are open to every employee. The loss of confidential information can be crippling, and preparedness is at the forefront to avoid this devastating loss. Simonds remarks, “It seems almost universal that threats and the expansion of the attack surface increase at a pace that exceeds the ability to defend. This stark reality requires SMB’s constant focus on ‘security hygiene’ and best practices to defend themselves properly.” Conducting a compromise assessment will help protect sensitive information and enable you to better understand your organization’s vulnerabilities and threats landscape. 

THE COST OF CYBERATTACKS ON SMBS

No one is safe from cybercrime. Attacks are on the rise, and small businesses will suffer the most. Not only are small businesses at significant risk for a cyber incident, but the repercussions and costs of a threat are just as enormous. In 2018, 67% of small businesses experienced a cyberattack, and 58% experienced a data breach. Keep in mind that this was over the course of just one year. Moreover, the cost of breach remediation and fallout is on the rise. In 2019, the average cost of cyberattack incidents among SMBs was $200,000

A cyberattack can also force organizations to close their doors due to clean-up costs. In fact, according to Malwarebytes, ransomware attacks caused nearly 25% of SMBs to halt operations completely in 2017. Recent statistics show that almost 60% of SMBs forced to suspend operations after a cyberattack never reopen for business. The threat environment for SMBs is incredibly active and intense with a high cost.  

DAMAGED BRAND & REPUTATION

Aside from the cost of an attack, organizations spend varying amounts of money on developing branding and marketing initiatives to build and maintain market share. For those businesses that survive a cyberattack, their brand and reputation are at high risk. Competitors frequently take advantage of a cyber incident and intensify marketing to win over the victim’s customers. Almost 30% of consumers surveyed for a 2019 Bank of America Merchant Services Small Business Payment Spotlight indicated that they would never return to a small business that suffered a breach, up from 20% only two years ago. If managed poorly, customers are likely to lose trust, disassociate from the brand, tell their network about the breach, and shop with a more secure competitor. Implementing initial cyber solutions, such as a compromise assessment, helps identify unpatched vulnerabilities, detect suspicious threats, and so much more to secure your organization’s network. 

CONCLUSION

Compromise can happen anywhere, anytime. Today’s cyber criminals enjoy significant advantages over unprepared SMBs. According to Simonds, “[Cyberattacks are] becoming increasingly more complex and more challenging to recognize and stop.” He adds, “the behavior of attackers has changed, and the cybersecurity industry must adapt to these changing behaviors.” With the developing opportunity for threats and exposure, conducting a comprehensive assessment to defend against the loss of data, revenue loss, and reputational damage that cyberattacks inevitably cause is critical for SMBs. 


REFERENCES

Bissell, K. (March 2019). Nineth Annual Cost of Cybercrime Study: https://www.accenture.com/us-en/insights/security/cost-cybercrime-study 

Walker, I. (January 2019). Cybercriminals Have Your Business in Their Crosshairs and Your Employees Are in Cahoots with Them:  https://www.forbes.com/sites/ivywalker/2019/01/31/cybercriminals-have-your-business-their-crosshairs-and-your-employees-are-in-cahoots-with-them/#164954921953 

Popomaronis, T. (April 2020). 4 Statistical Reasons Data Security Should Be a Top Priority for Small Businesses:  https://www.entrepreneur.com/article/346779 

Keeper Security, Inc. (November 2018). Nearly 70 Percent of SMBs Experience Cyberattacks, Half Do Not Know How to Protect Their Companies: https://www.prnewswire.com/news-releases/nearly-70-percent-of-smbs-experience-cyber-attacks-half-do-not-know-how-to-protect-their-companies-300749965.html 

Hiscox. (April 2019). Hiscox Cyber Readiness Report 2019: https://www.hiscox.com/documents/2019-Hiscox-Cyber-Readiness-Report.pdf 

Whitney, L. (September 2019). How Data Breaches are Hurting Small Businesses: https://www.techrepublic.com/article/how-data-breaches-are-hurting-small-businesses/#:~:text=Based%20on%20a%20survey%20of,percent%20from%20two%20years%20ago 

Sobers, R. (Updated June 2020). 101 Must-Know Cybersecurity Statistics for 2020: https://blogvaronis2.wpengine.com/wp-content/uploads/2019/11/cybersecurity-stats-2020-1.png