In this interview, we spoke with Dan Olson, CEO of UpCity, a small business intelligence firm that has matched over 2 million businesses to providers they can trust since its inception in 2009.
According to the FBI, cyberattacks increased by 400% in 2020. This should be no surprise, given that 47% of individuals fall for phishing scams while working from home.
As businesses begin the return-to-work process, remote and hybrid work models remain prevalent, along with BYOD (bring your own device) policies. Therefore, UpCity sought to understand how prepared businesses are for cyberattacks in 2022.
To do so, UpCity surveyed 600 business owners and IT professionals on their 2022 cybersecurity plans, priorities, and budgets.
Findings include:
- Only 50% of U.S. businesses have a cybersecurity plan in place
- Of those, 32% haven’t changed their cybersecurity plan since the pandemic forced remote and hybrid operations
- The most common causes of cyber attacks are malware (22%) and phishing (20%)
- Cybercrime cost U.S. businesses more than $6.9 billion in 2021, and only 43% of businesses feel financially prepared to face a cyber attack in 2022
So, we spoke with Dan about why cybersecurity must be integral to risk mitigation strategies.
Table of Contents
Here Are Dan Olson’s Responses To Our Questions:
1. How important is cybersecurity in the US compared to other countries?
Dan Olson:
Given our country’s economic development and innovation, it’s ironic that we fall behind in cybersecurity.
According to the latest data from Comparitech, the U.S. ranked 44th out of 75 countries in terms of cybersecurity safety. That may come as a surprise, considering much of what we do is online, but cyber abilities and cybersecurity are two different things.
2. According to the survey, half of the businesses in the US have no cybersecurity plan in place. What are some reasons for this slack?
Dan Olson:
I think for many, it’s a lack of understanding of what dangers are out there and the risks they’re facing without a plan in place. Especially for small businesses, it’s easy to believe they are too small to be targeted by hackers. Unfortunately, that’s why they’re an ideal target.
Small businesses may not make as much money as large corporations, but for that reason, they also have fewer protections in place. It’s easier for a cyber criminal to hack into an SMB’s data compared to a large corporation with entire departments dedicated to keeping their data safe.
But you can’t exactly blame someone for assuming that’s the case. You don’t often hear about the little guys in the news getting hacked. It’s significant corporate data breaches that make the headlines, like the infamous Capital One data breach.
3. What are the biggest cybersecurity threats to US businesses in 2022? And why?
Dan Olson:
Secure Shell (SSH) Brute Force attacks are fairly common in our country, where an attacker uses trial and error to guess credentials to access a server. Essentially, a criminal hacker attempts to guess your password and security questions to access or delete important files. That criminal is simply guessing your password and security questions to view or delete important files.
Spam, or phishing, is also very common. In this method of attack, hackers use texts or emails to disguise themselves as legitimate, with the purpose of gaining access to your passwords, account numbers, social security numbers, and other sensitive information, which can lead them to your email, bank, or credit card accounts. These attacks are usually financially motivated, but not always.
READ ALSO: 5 Best CyberArk PAM Alternatives and Competitors
4. What can businesses do to improve cybersecurity and better protect themselves from risks?
Dan Olson:
Education is a powerful tool. Sometimes, you need to identify your weaknesses before you can move forward. That’s why, at UpCity, we partner with cybersecurity providers that offer services such as penetration testing, which involves letting a trusted professional “hack” your systems to identify weak points and help you better understand where to invest in protection.
Additionally, never underestimate the importance of common cybersecurity best practices. Ensure that your employees use a password manager, change their passwords regularly, and keep their software up to date. Not to mention, regular data backup and investing in a VPN.
5. On average, how much do businesses lose due to cyberattacks, and does implementing staunch cybersecurity measures save them money? Or is it more expensive?
Dan Olson:
The average financial cost of cyberattacks to a U.S. small business over 12 months is $25,612, with approximately 23% of small businesses falling victim to a cyberattack, according to a Hiscox report. That doesn’t include the loss of trust from customers and the long-term effects of reputation damage that ensues after a data leak.
Cybersecurity measures may seem expensive in the short term, especially for smaller businesses, but the question to ask is whether a cyberattack is worth the risk. Investing in cybersecurity measures is investing in your customers because it’s a disservice to them to be reckless with their data.
Imagine your business is the target of a data breach, and you now need to communicate to your loyal customers that their personal information has been compromised. While prevention methods don’t guarantee your business won’t fall victim to a cyber attack, at the end of the day, you need to be able to tell your clients you did everything possible to protect them.
6. How often would you recommend that businesses revise their cybersecurity plans?
Dan Olson:
Cybersecurity experts often recommend establishing a regular evaluation schedule that occurs quarterly, semiannually, or annually. It’s essential not to skip this either, because in our fast-paced, ever-changing world, regulations will continue to evolve and new threats will emerge.
To stay ahead of the curve, a helpful article from Calculated Research & Technology recommends updating your cybersecurity policy as part of a scheduled evaluation, in response to new regulatory requirements, changes in organizational structure, issues with employee compliance, and (hopefully this doesn’t happen to you) after a cybersecurity incident.
7. Can you tell us more about UpCity?
Dan Olson:
Our mission is “We help businesses find B2B service providers they can trust.” To uphold this goal, UpCity provides transparency and insights through a data-driven model that measures real credibility indicators, taking the guesswork out of the B2B service provider selection process.
We cannot keep this mission alive without cybersecurity protocols in place. Cyber attackers and bots can leave fake reviews, or our customers who store sensitive information when setting up a profile could be compromised. Embracing cybersecurity is a key way for small businesses to fulfill their missions.
Note: This was initially published in October 2022, but has been updated for freshness and accuracy.
INTERESTING INTERVIEWS
- How To Secure And Protect A Website [We Asked 38 Experts]
- Exclusive Interview with SpyCloud’s CEO and Co-Founder Ted Ross
- Exclusive Interview With Bob Baxley, CTO Of Bastille Networks
- Exclusive Interview With Hugh Taylor, Author Of Digital Downfall
- Exclusive Interview With Mark Stamford, CEO Of OccamSec
- Exclusive Interview With Paul Lipman, CEO Of BullGuard
- Exclusive Interview With Ramil Khantimirov, StormWall’s CEO & Co-founder
- Exclusive Interview With Yoav Keren, Co-Founder & CEO Of BrandShield
- Exclusive Interview With Matt Davey, COO Of 1Password
- Exclusive Interview With Alex Ruiz, COO Of 3GO Security
About the Author:
Christian Schmitz is a professional journalist and editor at SecureBlitz.com. He has a keen eye for the ever-changing cybersecurity industry and is passionate about spreading awareness of the industry's latest trends. Before joining SecureBlitz, Christian worked as a journalist for a local community newspaper in Nuremberg. Through his years of experience, Christian has developed a sharp eye for detail, an acute understanding of the cybersecurity industry, and an unwavering commitment to delivering accurate and up-to-date information.
