Hopefully by now all small business owners know they're likely to be subject to cyber attacks, and with increasing frequency. Yet one of the greatest barriers to fending off such attacks is gathering and mobilizing around information on threats as they emerge.
That's according to the Ponemon Institute, a security research group, which Wednesday released its second annual survey on cyber-threat intelligence sharing. Its findings might help you as you continue to hone your own defense plan, should you face a hacker attack.
And if you haven't developed a cyber security plan, it's time to start. Not only are such attacks likely to happen, the average cost an organization pays for data breaches is $6.5 million, Ponemon says. That's an 11 percent increase compared to 2014. Even if your business is quite small, the average cost per record stolen in an attack has climbed to $217, up 8 percent compared to 2014, according to a separate Ponemon survey on data breach costs released in May.
About half of respondents in the most recent survey said they had been the victims of cyber attacks that cost them "material" amounts of money in the past two years. Nearly two thirds of respondents said the attacks they experienced could have been prevented if they had access to more shared and trusted information about the cyberthreats they faced, an increase of 4 percent from 2014.
"It is becoming more and more apparent that raw threat data is not effective," said Larry Ponemon, chairman and founder of the Ponemon Institute in a press release. "Just like the bad guys share ways to carry out their attacks, organizations must also share actionable and timely ways to stop threats."
Here are three ways to better promote information sharing:
1. Make connections.
There are too few trusted sources, according to nearly two thirds of respondents. While just 13 percent of those surveyed said they trusted government sources, 56 percent said they relied on peers at other companies for exchange of information, and 61 percent said they used information from security vendors. It might be helpful to establish a trusted person or third-party intermediary to share your information about cyber threats with other organizations.
2. Share your experiences quickly.
Two thirds of respondents said most cyber threat information is not timely enough by the time it's shared, and nearly half say it is not organized well enough--for example according to threat type and attacker--for them to respond. Come up with a quick solution for information exchange, as respondents said they were less likely to make use of cyber attack information after just a few minutes. Similarly, break down silos within your organization that prevent IT from sharing threat information throughout your organization, and with other organizations.
3. Get an outside opinion.
Sixty-two percent of respondents said they fear legal liability for sharing threat information.Deal with your liability concerns about sharing, potentially by checking with your attorney.
Ponemon surveyed close to 700 IT professionals in September. More than a quarter hailed form firms with fewer than 500 employees.