Almost all small businesses fail to take adequate measures to strengthen their security and eliminate the chance of security breaches. As a result, they can be a perfect target for hackers and cybercriminals. Only 31 percent of small businesses take active measures to guard themselves against security breaches. Furthermore, 41 percent of small businesses are unaware of the risks associated with human error, and only 22 percent of small businesses are willing to improve their security measures from last year. However, there has been significant growth compared to 2013 data for the same parameter.

The reasons for the vulnerability of SMBs can be grouped into two categories:

a) Lack of awareness

b) Exposure to threats

Lack of Awareness

Most of the security breaches at SMBs can be attributed to their lack of awareness. The management of these SMBs is unaware of the various security threats present on the Web. Not only management but also staff and employees are unaware of these threats. More than 75 percent of employees leave their systems unsecured. Twenty-nine percent of the participants in a survey said that cybersecurity is an “average” priority on their list. In the same survey, only 15 percent of participants confidently agreed that they are “very knowledgeable” about advanced persistent threats, while a whopping 75 percent acknowledged that they are only “somewhat” knowledgeable about the topic.

Exposure to Threats

Lack of awareness and exposure to threats form a vicious circle that is very difficult to break. Many businesses are exposed to cyber threats due to a lack of knowledge about the causes and the remedies available. Around 25 percent of respondents rated their companies’ abilities to detect and block threats as “poor” or “fair,” while only 39 percent agreed that their company’s security system was excellent or good. This gives a fair idea of the situation prevailing in the market today.

Security Breaches Hurt Small Businesses Most

It might not surprise you that security breaches hurt small businesses the most. More than 70 percent of attacks target small businesses. It is estimated that 60 percent of hacked SMBs go out of business after only six months. This research may be a bit skewed, since the number of people ignorant about cybersecurity is high. People still consider traditional security measures like antivirus software and firewalls efficient. Removing those people from the list would leave an even smaller number of people who are aware of the matter.

Cost of Data Breach is Higher Than You Think

A lack of awareness, coupled with exposure to threats, has led to a drastic increase in the number of attacks. These attacks increased to 31 percent from a mere 18 percent in 2014. If you think that you can get away easily after an attack, think again. The cost of recovery is staggering, and in most cases it leads to the shutdown of the business. The average cost of recovery from SMB data breaches is $36,000 and can even lead to a loss of up to $50,000. This amount may even be the total value of a small business. Recovery may be nearly impossible if you are a data breach victim.

Since most small businesses aren’t able to recover after security breaches, it is always a good option to keep precautionary measures ready against an attack.

Protect Your Organization

SMBs are large corporations in their nascent stage. Any breach at such a stage may prove to be detrimental to the future of the entire business. Businesses must take every step with due care and diligence to avoid data breach incidents. If large corporations are not able to protect themselves against attacks, then it can become a staggering task for the SMBs to come up with a foolproof plan to counter these incidents.

Closing the above-mentioned loopholes and devising security measures for your business is an extremely efficient way to protect yourself against security threats. A little precaution and smart work can help you protect millions. Keeping a vigilant eye on the events in your surroundings will definitely help you stay in business and rise to the top.

https://www.securitymagazine.com/articles/87288-the-costs-and-risks-of-a-security-breach-for-small-businesses

2018 brought a lot of change to small business. In the wake of many new cybersecurity threats and breaches, the National Institute of Standards and Technology (NIST) Small Business Cybersecurity Act was passed into law in August 2018, and it requires NIST to provide cybersecurity resources to small and medium-sized businesses (SMBs) to help protect them against future problems.

With the exponential increase in cyberattacks, it is great to see a continued investment in cybersecurity initiatives. Small businesses are not immune to threats and are often not equipped with the IT resources or personnel to protect their networks. The NIST Small Business Cybersecurity Act will provide SMBs with a simplified cybersecurity framework as a starting point for any efforts to protect their businesses from threats.

What is NIST?

NIST is a United States government agency, under the Department of Commerce, that promotes industry competitiveness in all nationally important areas, from communications and cybersecurity to advanced manufacturing and disaster resilience. NIST provides standards and guidelines for the federal government. The Small Business Cybersecurity Act is based on NIST’s Framework for Improving Critical Infrastructure, which provides standards and best practices to protect the nation’s critical infrastructure. This framework, launched in 2014, is also voluntary, but it provides organizations a simple methodology to identify, assess and manage cybersecurity risks. By taking the same simple approach from the framework, the Small Business Cybersecurity Act provides small and medium businesses a simple risk assessment to understand where their vulnerabilities lie, and which actions to take to fix those vulnerabilities.

Why Is This Good News for SMBs?

Small and medium businesses are just as likely to be targeted by hackers as large enterprises and corporations. However, due to their size and limited budgets, they often lack the IT expertise and resources to adequately protect their networks and employees. This new framework will provide SMBs a variety of resources to help them understand the evolving cybersecurity risks, including worksheets and best practices for basic security measures and tools they can implement, as well as methodologies to educate and train employees on cyberthreats and various attack vectors so they can adequately identify and stop attacks. The law also specifies that NIST must provide resources specifically for SMBs in any industry with any type of data or devices in their networks and be technology-neutral.

Many small businesses may not even realize that their data is at risk. SMBs utilizing third-party vendors to manage their networks and data may assume they are not responsible in the event of a breach. However, the authorities and governing bodies will hold the business owner responsible for any breach, no matter whose fault it was. With third-party breaches taking over the news recently, it is crucial for SMBs of any industry and size to take cybersecurity very seriously and put the right tools in place to protect their network, data and customer information. This new NIST framework will help SMBs take note of the risks third-party vendors can bring, educating business owners to take their time when selecting one.

What Does This Mean for Customers?

Customers of SMBs that implement the NIST Small Business Cybersecurity Act can breathe a sigh of relief knowing that their data is being proactively protected from hackers. Customers may take note of businesses that are not doing enough to protect their personal data, and may start shopping and utilizing companies that do take cybersecurity protection seriously.

As more and more companies experience large-scale breaches, customers are increasingly becoming savvy to which organizations are protecting their data. Companies that aren’t taking adequate measures may come under fire and be less appealing to customers.

Here’s What SMBs Should Know:

This framework will be a great resource for SMBs to compare their current network security protection (or lack thereof) to and see what additional security measures they should implement or consider. Since this framework is only voluntary and not required, it may be that not enough small businesses utilize these resources. If more and more breaches are to occur, specifically targeting SMBs, we may see NIST take action and make this framework into a standard that companies must abide by or face penalties.

What Does This Mean for Vendors’ SMB Security Solutions?

Since the framework will not specify security solutions, each security provider will need to identify how their solutions fit into the NIST guidelines. Compliant companies are likely to tout their solutions as being in line with NIST recommendations, which will be a key indicator for SMBs as they look for credible solution providers. SMBs should take their time and research options before selecting a vendor to work with. Vendors that specifically cater to SMBs are often more keenly aware of the needs of SMBs and often provide affordable, flexible solutions that simplify complex cybersecurity issues.

The NIST Small Business Cybersecurity Act is a step in the right direction as we continue to encounter an increasingly diverse and rapidly changing threat landscape. Small businesses are particularly susceptible. It’s increasingly important that we offer them more guidance and options for security – and potentially more regulations to protect their customers – in the future. While this law only calls for the creation of information at this point, this information can be vital to small businesses that have previously lacked the basics to properly protect their company and customers.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.

Mirantis scored an eight-figure, multi-year deal to provide AT&T with core infrastructure software to run the carrier’s 5G services. The central component of that core infrastructure is Kubernetes and is part of AT&T’s previously announced Airship initiative.

Mirantis CEO and co-founder Adrian Ionel explained that the company’s platform allows Kubernetes to be run on-premises, on bare metal, or in the cloud. And in the case of its latest work with AT&T, that Kubernetes base supports OpenStack as a workload on top of the container orchestrator.

Ionel explained that its work showed that Mirantis was able to bind the Kubernetes substrate to bare metal and that it could get that substrate to work at scale. He said that Mirantis expects the platform to run a few thousand nodes this year, and then scale to 10,000 nodes over the next three years, and more than 20,000 nodes “in the years to come.”

“This is really about Kubernetes taking a prime role in the future infrastructure of a gigantic carrier,” Ionel said. “The scale of this is really staggering.”

In addition to its 5G service, the platform is also supporting AT&T’s FirstNet public safety network that is running as a workload on the carrier’s Network Cloud infrastructure. “This really shows the security improvements that have been made by the Kubernetes ecosystem,” Ionel added.

Kubernetes, OpenStack

For the AT&T implementation, Mirantis is running OpenStack on top of Kubernetes. But, Ionel said that’s not the only way for those two platforms to operate. He explained that operators should view them equally with the correct implementation dictated by the network architecture.

“My view is that the ideal architecture will be for Kubernetes to run on bare metal on-premises with everything running on top,” Ionel said. “But for those with a lot of OpenStack already deployed, they can run Kubernetes on top to manage containers and virtual machines and take advantage of a level of abstraction that is not quite there with Kubernetes.”

As an example, Ionel said Mirantis was working with India’s Reliance Jio on running OpenStack on top of Kubernetes. It is also working on a smaller deployment with carmaker Volkswagen to run Kubernetes on OpenStack in an on-premises environment.

The AT&T agreement, obviously, also calls for Mirantis to join the Airship project. As part of that work, Mirantis is focused on integration between the Drydock pluggable bare metal provisioning API for Airship and the OpenStack Ironic project that provisions bare metal machines. It’s also working on streamlining the initial configuration process for deploying Kubernetes-native services on-premises, and supporting multiple operating systems to broaden the choice of virtual network functions (VNFs).

Mirantis’ work also involves integration of code from its Mirantis Cloud Platform (MCP). That integrated cloud platform supports virtual machines (VMs) using OpenStack, containers using Kubernetes, and bare metal, all on the same cloud.

The company last year launched its MCP Edge platform that is based on Kubernetes. It uses the container orchestration platform, OpenStack, and Mirantis’ DriveTrain infrastructure manager to support operators in deploying a combination of containers, VMs, and bare metal points of presence (POP) that are connected by a unified management plane.

“It’s basically a Kubernetes distro that is purpose built for service provider edge deployments,” explained Boris Renski, co-founder and chief marketing officer at Mirantis. “We are specifically targeting the infrastructure substrate that infrastructure would run at an aggregation location.”

Airship Rising

AT&T launched Airship last May through a partnership with SK Telecom, Intel, and the OpenStack Foundation. That work evolved out of past work between the organizations as part of the OpenStack Helm project that started in 2017.

The initial focus of Airship is the implementation of a declarative platform to introduce OpenStack on Kubernetes (OOK) and the lifecycle management of the resulting cloud. Basically, Airship allows operators to manage cloud sites at every stage from creation through minor and major updates, including configuration changes and OpenStack upgrades. It does this through a unified, declarative, fully containerized, and cloud-native platform.

“What Airship allows us to do is containerize our control plane,” Amy Wheelus, vice president of AT&T’s Network Cloud, told SDxCentral during a carrier event late last year. “This reduces the size of the control plane so the overhead went down and the unit cost is better. It also allows us to move faster.”

Airship is also the basis for AT&T’s 5G network launch. “5G is our first use case,” Wheelus said, adding that the carrier has virtualized its 5G core that is now riding on its Network Cloud and being provisioned by Airship.

Wheelus at that time also mentioned that the carrier was still working through maturation issues with the platform. She explained that the most pressing issue is minimizing the impact on network operations during more frequent update cycles.

“In Network Cloud if I have to reboot a host there will be an impact,” Wheelus said. “VNFs today are not as mature as a traditional IT app that works on the cloud. Those are more stateful, and that is a challenge for rebooting in a container environment.”

Renski said that the Airship ecosystem has made significant maturity gains that Mirantis is now bringing back into its MCP product. This includes replacing some of its DriveTrain lifecycle management components with what it’s developing with Airship.