In this interview, we spoke with Dan Olson, CEO of UpCity, a small business intelligence firm that has matched over 2 million businesses to providers they can trust since its inception in 2009.
According to the FBI, cyberattacks spiked 400% during the year 2020. This should be no surprise, given that 47% of individuals fall for phishing scams while working from home.
As businesses begin the return-to-work process, remote and hybrid work models remain prevalent, as do BYOD (bring your own device) policies, so UpCity wanted to understand how prepared businesses are for cyberattacks in 2022.
To do so, UpCity surveyed 600 business owners and IT professionals on their 2022 cybersecurity plans, priorities and budgets.
Findings include:
- Only 50% of U.S. businesses have a cybersecurity plan in place
- Of those, 32% haven’t changed their cybersecurity plan since the pandemic forced remote and hybrid operations
- The most common causes of cyber attacks are malware (22%) and phishing (20%)
- Cybercrime cost U.S. businesses more than $6.9 billion in 2021, and only 43% of businesses feel financially prepared to face a cyber attack in 2022
So, we spoke with Dan about why cybersecurity must be integral to risk mitigation strategies.
Table of Contents
Here Are Dan Olson’s Responses To Our Questions:
1. How important is cybersecurity in the US compared to other countries?
Dan Olson:
For how economically developed and innovative our country is, it’s ironic that we fall behind when it comes to cybersecurity.
According to the latest data from Comparitech, the U.S. ranked 44th out of 75 countries in terms of cybersecurity safety. That may come as a surprise, considering much of what we do is online, but cyber abilities and cybersecurity are two different things.
2. According to the survey, half of the businesses in the US have no cybersecurity plan in place. What are some reasons for this slack?
Dan Olson:
I think for many; it’s a lack of understanding of what dangers are out there and the risks they’re facing without a plan in place. Especially for small businesses, it’s easy to believe they are too small to be hacked. Unfortunately, that’s why they’re an ideal target.
Small businesses may not make as much money as large corporations, but for that reason, they also have fewer protections in place. It’s easier for a cyber criminal to hack into an SMB’s data compared to a large corporation with entire departments dedicated to keeping their data safe.
But you can’t exactly blame someone for assuming that’s the case. You don’t often hear about the little guys in the news getting hacked. It’s significant corporate data breaches that make the headlines, like the infamous Capital One data breach.
3. What are the biggest cybersecurity threats to US businesses in 2022? And why?
Dan Olson:
Secure Shell (or SSH) Brute Force attacks are fairly common in our country, which is when an attacker uses trial and error to guess credentials to access a server. Essentially, a criminal hacker simply tries to guess your password and security questions to view or delete important files. That criminal is simply guessing your password and security questions to view or delete important files.
Spam, or phishing, is also very common. In this method of attack, hackers use texts or emails to disguise themselves as legitimate with the purpose of gaining access to your passwords, account numbers, social security numbers, etc., which will lead them to your email, bank, or credit card. These attacks are usually financially motivated, but not always.
4. What can businesses do to improve cybersecurity and better protect themselves from risks?
Dan Olson:
Education is a powerful tool. Sometimes you need to know what your weaknesses are before you can move forward. That’s why at UpCity, we partner with cybersecurity providers that offer services such as penetration testing, which means letting a trusted professional “hack” your systems to determine your weak points and help you better understand where to invest in protection.
Also, never underestimate common cybersecurity best practices. Make sure your employees use a password manager, change their passwords regularly, and update their software regularly. Not to mention, regular data backup and investing in a VPN.
5. On average, how much do businesses lose due to cyberattacks, and does implementing staunch cybersecurity measures save them money? Or is it more expensive?
Dan Olson:
The average financial cost of cyber attacks to a U.S. small business over 12 months is $25,612, with about 23% of small businesses falling victim to a cyber attack, according to a Hiscox report. That doesn’t include the loss of trust from customers and long-term effects of reputation damage that ensues after a data leak.
Cybersecurity measures may feel expensive in the short term, especially for smaller businesses, but the question to be asking is if a cyber attack is worth the risk. Investing in cybersecurity measures is investing in your customers because it’s a disservice to them to be reckless with their data.
Imagine your business is the target of a data breach and you now need to communicate to your loyal customers that their personal information has been compromised. While prevention methods don’t guarantee your business won’t fall victim to a cyber attack, at the end of the day, you need to be able to tell your clients you did everything possible to protect them.
6. How often would you recommend that businesses revise their cybersecurity plans?
Dan Olson:
Cybersecurity experts will often recommend establishing a regular evaluation to occur either quarterly, semiannually, or annually. It’s important to not skip this either because in our fast-paced, ever-changing world, regulations will change and new threats will pop up.
To stay ahead of the curve, a helpful article from Calculated Research & Technology recommends updating your cybersecurity policy as part of a scheduled evaluation, in response to new regulatory requirements, changes in organizational structure, issues with employee compliance, and (hopefully this doesn’t happen to you) after a cybersecurity incident.
7. Can you tell us more about UpCity?
Dan Olson:
Our mission is that “We help businesses find B2B service providers they can trust.” To uphold this goal, UpCity provides transparency and insights through a data-driven model that measures real credibility indicators and takes the guesswork out of the B2B service provider selection process.
We aren’t able to keep this mission alive without cybersecurity protocols in place. Cyber attackers and bots can leave fake reviews, or our customers who store sensitive information when setting up a profile could be compromised. Embracing cybersecurity is how small businesses can vindicate their missions.
Note: This was initially published in October 2022, but has been updated for freshness and accuracy.
INTERESTING INTERVIEWS
- How To Secure And Protect A Website [We Asked 38 Experts]
- Exclusive Interview with SpyCloud’s CEO and Co-Founder Ted Ross
- Exclusive Interview With Bob Baxley, CTO Of Bastille Networks
- Exclusive Interview With Hugh Taylor, Author Of Digital Downfall
- Exclusive Interview With Mark Stamford, CEO Of OccamSec
- Exclusive Interview With Paul Lipman, CEO Of BullGuard
- Exclusive Interview With Ramil Khantimirov, StormWall’s CEO & Co-founder
- Exclusive Interview With Yoav Keren, Co-Founder & CEO Of BrandShield
- Exclusive Interview With Matt Davey, COO Of 1Password
- Exclusive Interview With Alex Ruiz, COO Of 3GO Security
About the Author:
Christian Schmitz is a professional journalist and editor at SecureBlitz.com. He has a keen eye for the ever-changing cybersecurity industry and is passionate about spreading awareness of the industry's latest trends. Before joining SecureBlitz, Christian worked as a journalist for a local community newspaper in Nuremberg. Through his years of experience, Christian has developed a sharp eye for detail, an acute understanding of the cybersecurity industry, and an unwavering commitment to delivering accurate and up-to-date information.