On Time Tech

Why Are So Many Small Businesses Not Buying into Better Security?

Written by Lance Stone | Oct 19, 2016 11:43:03 AM

With the many warning signs and cautionary tales out there coming fast in the form of cyberattacks that highlight the need for businesses to attain a greater level of security, a surprising number of SMB enterprises are still opting-out of better data protection and cybersecurity. Why is that? The main culprit for this dangerous stubbornness is likely the old, “It can’t happen to us” syndrome, which lends the false impression (for as long as a devastating cyberattack doesn’t occur) that a given enterprise is immune to such unthinkable folly. But, the statistics speak louder than erroneous or convenient belief systems that put off business network security and data protection investment.

Plus, more SMBs are being targeted by malicious hackers and their spyware, malware, and ransomware with greater frequency. It simply runs contrary to sheer logic to throw such pragmatic caution to the wind as having adequate data security and network cyber defense assurance in the face of the absolute crisis which the cyber-connected world faces every day. Some IT pundits argue that the ransomware crisis isn’t as formidable as evidence shows it to be, or they play down its efficacy as a “petty theft” tool, proclaiming an unflappable belief in the ability of free decryption tools and savvy IT wizards to be able to thwart ransomware hacks as fast as they can come. To a certain extent, this belief is well-founded for a few white hat hacking mavens. The rest of us need the insurance policy of security controls in place.

Security Investment vs. ROI

Global Security Lead Ian Trump, talking in a recent Huffington Post article, points up the “subtle” difference between the ways IT providers will tend to characterize the need for SMBs and other organizations to have IT security. Trump says that IT services providers are “falling down” in how they present or fix the idea of IT security in the minds of clients at the sales level. Arguing that it should be seen less as “game-changing technology” that providers try to get enterprise owners and executives (artificially) enthusiastic about, Trump says that this cements the idea that IT security or managed services or an extraneous expense or indulgence rather than a needful investiture like any given business capital expenditure.

Instead, argues Trump, IT providers need to play up the self-selling ROI angle and present how the investment in IT pays off in spades. Many SMB owners still aren’t buying into “IT investment” per se, perhaps erroneously seeing it as a gamble, like pay-per-click internet marketing, having no guaranteed payoff. But, IT security is indeed (and obviously) worth investing in, argue the experienced IT professionals who have seen first-hand the definitive results in business performance and even profitability due to having top-tier security assurance in place.

Case in Point

The argument for maximized IT security far outweighs any against it. Case in point, Scoular Co., located in Omaha, Nebraska lost $17.2 million after an executive at the company was tricked by Business Email Compromise (BEC) (a scam targeting businesses generally working with foreign suppliers and/or partners that routinely perform wire transfer payments) into wiring money to a Chinese bank after receiving fraudulent emails purporting to come from the CEO which requested him to do so.

This particular scam (one of many aimed at networked executives and office staff) is carried out by compromising legitimate business email accounts through social engineering, fraudulently registered domains or malware and is used to conduct unauthorized transfers of funds, or to trick employees into transferring funds. According to the Internet Crime Complaint Center (IC3), BEC cost business ventures $246 Million in 2015.

On another point underscoring the need for better cybersecurity and safety measures, employees wasting time on the internet cost SMBs 4 billion annually, according to Brick House Security. As they click around the Web wasting company time, they also increase the chances that they will inadvertently click on a malware-loaded link or come across a too-hard-to-resist phishing scheme like the fake Chinese email that burned Scoular.

IT Proof Positive

An MIT Sloan Management Review article on IT investment showed definitively that information technologies deployed since 1995 “have [had] a significant positive impact on profitability”. The article went on to say that “as industries become more competitive, the effect of IT on profitability increases.”

An August 22, 2016, article in Lifewire.com entitled, “Calculating the Value of an IT Investment,” provides it investment analysis terminology and break-downs that help SMB execs calculate the ROI of IT investiture using contemporary metrics and techniques. It admits that the “inflows or benefits resulting from IT investment can be subjective and less exact” but also that, basically, you have to make your investment in IT solutions scalable to your operational variables to have it mean anything at all.

This and reams of other extant proof positive clearly shows that investing in IT security carries long-term payoffs and scalable solutions that more than merit the initial and ongoing investment in it, they warrant it with their relative low cost and data and financial loss prevention.

Consult with Cyber Safety and Security Experts

If you need further advice about cyber security and data protection, {company} is a proven leader in providing IT consulting and security solutions in {city}. Contact one of our IT experts at {phone} or send us an email at {email} today, and we can help you with all your cyber safety, defense, and security questions or needs.