Advice on Keeping Smaller Businesses Safe From Cybercrime

The threat of ransomware and malware are growing. The “WannaCry” attack impacted at least 200,000 computers in 150 countries before peaking last week. Adylkuzz is another piece of malware currently threatening computers around the world. As computers become increasingly connected, so opportunities for cybercrime expand, say the experts. Part of the problem is that the Internet wasn’t designed with cybersecurity protections, and criminals are attracted to cybercrimes for the relatively easy profits they can make.

The Wall Street Journal reports that, according to Gartner, companies spent $81.6 billion on cybersecurity in 2016. At the University of Houston’s Center for Information Security Research and Education, associate director Chris Bronk says that, “thing are, on whole, getting worse.”


“Some individual companies are doing better,” he said. “But as an entire society, we’re not doing better yet.” Mimecast cybersecurity strategist Matthew Gardiner notes that greater profits have encouraged the development of criminal corporations conducting cybercrimes, with a “true division of labor.” The result is that it is particularly difficult for small-to-medium-size businesses to protect themselves.

Bronk has three pieces of advice. First, “retrain IT staff on security — or replace them” because “all IT staff must now be cybersecurity staff first.” “The good news is that you don’t need that dedicated person to run your email server anymore,” said Bronk. “They can run security.”

Second, push everything to the cloud, because “pretty much anything can be done better with a cloud-based service.” “I mean, even the CIA uses Amazon’s web services,” he said. “If there’s a best of breed, why not use it?” Third, Bronk says that, “new IT investment will need baked-in security.”

The Bureau of Labor Statistics shows that jobs in IT security are up 33 percent in the last four years, making it one of the fastest-growing categories in tech. IBM Security global executive security adviser Diana Kelley notes that, in the future, “we can think about [security] upfront and weave it into the process in a much more effective way.”

The cloud is vulnerable to some attacks, however. Electronic signature company DocuSign was hacked, allowing the criminals to target customers with malware disguised as a Microsoft Word doc. Denial-of-service attacks can also “make the cloud inaccessible at critical times.”

For WannaCry Victims, a Possible Way Out, The Wall Street Journal (sub required), 5/19/17