SMBs are most at risk from data breaches, warns Juniper

The average SMB spends a little over £3,000 on cybersecurity annually - but a data breach can cost as much as £300,000

Criminal data breaches will cost businesses a total of $8 trillion over the next five years, with SMEs particularly at risk. The threat of breaches is rising as the world of business increasingly moves online, but most SMEs are unable to adequately protect themselves.

Juniper Research expects the number of personal data records stolen by cybercriminals to reach 2.8 billion this year, and almost double, to 5 billion, in 2020. This is despite the spread of new infosec solutions - Juniper notes that cybersecurity becomes particularly problematic when new and old systems are lumped together, without regard to overall network security.

SMEs must protect themselves

The average SME is expected to spend less than $4,000 on cybersecurity this year; an amount that will increase only a little over the next five years. They also tend to use older security software; a vulnerability that attacks like WannaCry have exploited.

"The attacks on hospital infrastructure show that inadequate cybersecurity can now cost lives as well as money" - James Moar, Juniper Research

Although WannaCry was a comparatively basic tool, it demonstrated that the popularity of ransomware is increasing in the hacking community. All businesses should watch for more advanced forms, as ransoming stored data and devices is becoming potentially more lucrative than stealing financial details. Juniper expects easy-to-use ransomware toolkits to be developed.

The use of ransomware accelerated in 2015 and 2016, according to Juniper Research's new whitepaper. With the rise in the number of IoT devices (and, thus, data) in the world, the firm expects these attacks to continue to increase.

As well as ransomware, denial of service (DoS) attacks are common - although these frequently serve to hide another move that the attacker is making. DDoS attacks, says Juniper, are now frequently targeting the root DNS services of a network, rather than the application layer. The effect is to amplify the effect of an attack by taking down the supporting structure, not just the services themselves.

By 2022, Juniper expects that the annual spend for enterprise cybersecurity products will reach almost $135 billion: a 7.5 per cent CAGR.

Experian released its own whitepaper last year on the topic of data breaches, in which it said that SMEs vastly underestimate the cost of a breach - by an average of 40 per cent. Government figures (from the Information Security Breaches Survey 2015) show that breaches cost £310,000 on average, while most SMEs estimate the cost to be around £180,000.

Shortly after the WannaCry worm spread across the world, we published several tips on how to protect yourself and your business, which all companies should follow as a matter of course to as an aid against ransomware.