(Post 1 of the 12-week Information Security Management blog series)
When I started Concerned Nerds it was because I had the realization that the cybersecurity industry often times seems to overlook little companies with small budgets, preferring instead to market where the big money is. The technological solutions used to secure networks, such as network intrusion detection, enterprise firewalls, vulnerability scanners, patch management, and data-loss prevention are more oft than not simply far outside of a small company’s budget. Moreover, with an average annual salary of over $91,000, employing cybersecurity professionals who would normally manage the security of a network is out of the question.
In truth, small businesses are grossly underprepared for cyber-threats. Nationwide insurance reports that 78% of small businesses have absolutely no cyber-attack recovery or response plan whatsoever. The SEC found that 27% of small companies have no cybersecurity implemented at all and that a similar number of companies have difficulty in implementing what little they do have. The same SEC report found that while small businesses were seriously underprepared to deal with cyber-threats, roughly half have endured some sort of cyber attack. In fact, at least 43% of all cyber attacks target small businesses as of 2015, up from only 18% in 2011. To drive the nail in the coffin, a recent article by the Denver Post revealed that of all the small businesses that sustain a cyber attack, 60% will be out of business within six months.
I consider myself to be just a little bit of an idealist and Concerned Nerds is simply a way for me to try to educate the smaller businesses. There are many non-technological measures that companies can implement to help protect themselves that cost little to nothing. Many times there are free open source technological solutions that serve as good alternatives to costly commercial products.
This site is my platform to educate whomever will read what I share and heed the spirit of what I write. I whole-heartedly believe that small businesses do not need to be left out in the dark with cybersecurity if only they are provided with the information necessary to understand why it is important and what they can do to protect themselves.