We’ve posted on the blog previously explaining the process and benefits of API key management as a security solution. But as a refresher…your data is collected, encrypted, and stored online. This data, though encrypted, is only as secure as the API keys which allow access to it. It is the case, then that, your encrypted data is only as safe as the keys which protect it. If an attacker is able to access an API encryption key, then they have the capacity to access large collections of stored data.
Even as increased attention is trained on cybercrime and data breaches, many small businesses assume that these sorts of attacks are leveled only against larger corporations. It is true that the biggest news and largest breaches always occur within large businesses, but this does not mean that small to medium sized businesses are off the hook. In general, including both large and small businesses, 78% of organizations experienced a data breach in the past two years. Kaspersky Lab and B2B International surveyed 5,500 companies and found that eighty-eight percent of small businesses (businesses employing 1,500 or fewer) had suffered a data breach which cost their company.
Because small businesses tend to have weaker cyberdefense they are often more attractive targets for attackers than larger organizations with complex security systems. A variety of different cyber attacks are leveled against small businesses. Malware can be introduced and quickly spread throughout a system by way of an email attachment or software download. A single third party phishing attack and a negligent employee can impact an entire network. A distributed-denial-of-service (DDoS) attack can overload a smaller system and render it useless. The list of attacks goes on and on and is only growing. In our current climate it is increasingly naive to think that secure passwords and basic security training are the only necessary precautions for small businesses to take in order to avoid catastrophic security breaches.
Not only are small businesses as vulnerable as larger organizations to security breaches, but the results are often all the more devastating. The report from Kapersky demonstrates that, on average, recovering from a security breach costs small businesses $38,000. It is estimated that cybercriminals steal one billion dollars every year from small and medium-sized businesses in the U.S. and Europe. The cost incurred by these breaches are not straightforward or simple either. They often continue to accumulate and many businesses end up folding. In fact, 72% of businesses that suffer major data loss shut down within 24 months. The costs come in the form of lawsuits from clients, in lost business as reputations are tarnished by word of the breach, and as a result of long periods of downtime while businesses attempt recovery. For many small businesses these costs in aggregate are more than they are prepared to afford.
These problems can be avoided if small to medium sized businesses would take active precautions. Lockr’s service is an example of the sort of precautions organizations are choosing to employ in order to avoid irreparable damage in their future. Lockr’s service stores API encryption keys safely offline and out of the reach of attackers, thus ensuring that all of a company, and their client’s, data is safe and secure. It is no longer a “calculated risk” to avoid putting such security measures in place. It is now more likely for a small business to incur some degree of data breach than for them not to. Take active steps today to ensure you will not be sorry tomorrow. With smart security measures in place you can stop worrying about your data and focus on what it is you do best.