RCR 004: Small and Medium Business Statistics - CISSP Training

Description:  

Shon Gerber from ShonGerber.com reveals to you the steps each week the information you need to best protect your business and reduce your company’s cyber risk. Shon provides cybersecurity for business training and how you can begin to address the cyber risk for your daily business.

In this episode (Part 2), Shon will address, the Small and Medium Business Statistics that you need to consider in an attempt to help quantify the risk to your company. This training is important for all companies, but more especially suited for Small and Medium-sized businesses.

Transcript:

Europe and Asia but bottom line all within this bucket data SMB so small and medium-sized businesses 28.2 million of these are actually small businesses so that means just a very few number of people that are actually using lising approximately 50% of our gross domestic product falls in the small and medium size business category so just can't give you a point that that a large part of our GDP of the United States GDP is due to these small and medium-sized businesses 50% of all employees come from the target audience potentially being attacked this is a very substantial group of people a large group of people what size businesses this is number that I was able to get off the internet is about less than 250 people but it's in that two significant portion of the business within Europe do you really want to care what is the end of the day it's reputational issues awesome business right you given everything you have and so many cases in these small and medium-sized businesses they have given everything to make this work well in examples Target Home Depot Healthcare Solutions institutions if something happens to you when you get hacked it will affect your bottom line Target they got to hack it in the by the time it was all said and done they say that that hacks on target from an HVAC so basically heating ventilation and air-conditioning vendor cost them close to 750 million dollars Home Depot very similar the seven hundred million dollars just just do the reputational these all those things to go with it compliance and Regulatory issues now if you got a business and you're working with the government or in many cases you you just supply products lose gdpr for example that's the general data General data privacy regulation very specifically for anybody in the EU and if you're selling stuff to people and base or not is selling stuff just collecting information on people you have to fall under gdpr what is it is a lot of requirement to go around it companies that's for companies that live in United States or in China whatever but they serve European people so again that's another one HIPAA for United States the health insurance portability and accountability Act PCI with your payment card industry standards again a lot of these regulatory issues that are designed to protect the consumer is the third bullet results in legal issues do you end up entering the legal settlement because of this that's why people recommend some sort of cyber Insurance because of this reason you're going to have to deal with words one way or another so this whole piece of it is is you should care if you got a small medium sized business if you don't care about it you're setting yourself up for disaster in Alaska want to say is I got this from the National Business Association United States is over 60% of businesses that get hacked will be out of business if your business is hacked you were done my dad's got a good example of an insurance company here in the United States and then he's been doing 50 years that business you would lose everything so what would happen it would go away and all of his wife work if you just go up in smoke because of something so simple as cybersecurity right and end yet as we can I go yeah yeah yeah you can try it but either hide at some point you will pay the piper on them so the huge problem with the small and medium size business space why is it a big problem well bottom line is you guys don't have the expertise needed to help protect your business in a meeting with the one of my vice presents for my company that's talking a little bit about this we start talking about the recent hack that occurred with Department of Homeland Security in place to protect their Enterprises safe from a big Enterprise standpoint may not equate to the same as of dealing with a vendor so what happens if vendors are allowed in a small and medium size business Enterprise is there a small medium sized business and you're using these Boutique shops to help take care of your stuff are they really protecting you maybe maybe not really consider if you got a small B vendors to help support your it functions lack of money and resources is another one that's like everything right you can't ever thrown up money and stuff and I will say from the Air Force damn point I get through billions of dollars and stuff and yeah that'll keep the majority of the people out but the good ones are really good are still going to get in the matter of time but you'll get in there there's almost no we're out there that you can say I can say never again I can't say never cuz I'm sure there's something situation but it's just a matter of time if people are involved hacker can get him they don't think it's going to happen to them the guy down the street is going to get hacked not me until it happens to him right and then once it happens it's like OMG what am I going to do right so so we talk about is an SMB is a small medium sized business what are some of the things you need to be aware of the overall risk okay you got to know that you small and medium business I mean all businesses are targeted but if you're a small or medium sized business why do I say that because guess what I would go after you because you're not protecting is the same as you are Enterprise and you've got lots of stuff that I could turn around and sell Packer do they're going to go after it there lazy easy target the people at that won't put them in jail Enterprise usually have a train of lawyers that can I come after me they know the FBI doll these things can happen when you go after a small and medium size business they may not have the resources to be able to come after me. Granted I can pass it off of the FBI but that doesn't mean they're going to the part that you got to consider small and medium-sized businesses are especially vulnerable now you need to understand what do I do to fix it can you delete a column Frameworks but I'll just be honest most cyber security people sent most is not a rightward many cybersecurity people they are huge smart big brain people just showed that my education about the third grade level what happens is the language is a bit complex and honestly confuses me hangover I will try to address them if you have any issues you just quit email me let me know but bottom line is that there are different things in place that you can use right now to help protect your business that I provided to you by the government we call those are Frameworks and they're basically guidelines are guidepost on what you can do to properly secure your network is a good example yet ISO 27001 which works primarily a lot with international business nist National text Anderson technology they have a cybersecurity framework that right there can walk you through what can you do and I'm going to focus on my training and and through podcast that I put together on the cybersecurity framework why isn't reality is a relatively simple framework that if you follow it it will help you substantial