Finally, some good news on the cybersecurity front: Despite what you might think, hackers are not stealing private data more often than they did a decade ago.
That's the finding of research from the University of New Mexico Department of Computer Science, which suggests that while cybersecurity should remain a priority, cyberattacks are not growing unabated.
The study published in the journal Workshop on the Economics of Information Security, "Hype and Heavy Tails: A Closer Look at Data Breaches," provides some reassuring news. This is especially true for entrepreneurs who are trying to protect sensitive information and bolster their customers' confidence that their data is safe in the hands of the businesses they patronize.
The authors reject several industry reports, which they note in their study as statistically misleading. Instead, the researchers offer an analysis of data obtained through the Privacy Rights Clearinghouse (PRC), a California-based nonprofit, to determine whether cyberattacks have truly increased in frequency and, if so, what the scale of that increase is. By using a statistical modeling method known as the Bayesian approach, the authors conclude that the data provided by the PRC shows neither an increase in size nor in frequency of cyberattacks since 2005.
The study also differentiates between negligent and malicious data breaches; negligence implies the data was exposed accidentally through lack of security, while malicious breaches mean a hacker purposefully set out to bypass security measures in search of the data. The authors conclude that negligent breaches occur twice as often as malicious breaches do, meaning such the negligent variety are avoidable if the proper security measures are taken.
The study does not, however, negate the importance of taking cybersecurity measures. The authors estimate there is a 98.2 percent chance that a single malicious security breach will compromise 5 million records within the next three years. The takeaway? Protect yourself, your business and your customers.
It's worth it, given that just one cyberattack could cost small businesses up to $55,000, according to a study from Kaspersky Labs.
The study itself estimates that the overall cost of cyberattacks to individuals, companies and public entities will reach $180 billion in the next three years. Just because cyberattacks aren't a growing threat doesn't mean they are a nonissue, and it certainly doesn't mean hackers should be ignored.
There are many steps small business owners can take to protect themselves. By planning ahead; establishing strong passwords; and investing in firewalls, encryption software and data-backup solutions, small business owners can rest easy knowing they're doing what they must to prevent and, if need be, recover from a cyberattack.
The study was conducted professor Stephanie Forrest, Ph.D. student Benjamin Edwards and Computer Systems Engineer Steven Hofmeyrof the Lawrence Berkeley National Laboratory.