What do the digital age and businesses have in common? Heavy digitization (duh!) and increased cybercrime. For all the upside of heavy digitization, one of its less welcome spin-offs is the emergence of online businesses as a prime target of cyberattacks.

The Ponemon Institute’s “2018 Cost of a Data Breach Study” found that the average cost of a data breach is now $3.86 million, up 6.4% from the previous year. This means, factually speaking, a cybersecurity breach could prove catastrophic for an online business.

A popular saying goes, “Amateurs hack systems; professionals hack people.”

Smoothly said, but have you seen the information security market? Its projected worth in 2022 is a whopping $170.4 billion. So, it’s fairly excusable that even amateurs won’t turn a blind eye to system infiltration. It’s ‘where the money’s at.’ (quite literally!)

Now, while you may want to argue that not all breaches are money-motivated, it may interest you to know that 86% are, and as few as 10% of breaches are espionage-inspired.

At this point, you might ask, “Why then is the information security market worth so much?”

For one, confidential information is highly valued, and buyers on the dark web pay ridiculous amounts to get their hands on information like names, credit card numbers, identity numbers, passwords, etc. to carry out fraud and identity theft, and to gain a competitive advantage.

A security breach simply means breaking into a system without authorization, while a data breach refers to a break-in resulting in access to valuable information. For instance, a trespasser commits a security breach, but when he makes off with your credentials, it becomes a data breach.

The implications of a data breach are steep. Not many businesses survive; in fact, more than half go out of business, especially small businesses.

Sadly enough, most of them fail to take precautions because they place a considerable level of trust in their security system. 9 times out of 10, they find this trust to be misplaced as the sinking paper boat of their security system cripples their operations, costing them millions in fines from data compliance authorities (Hello, GDPR).

British Airways and Marriott are useful examples.

Types of cybersecurity breaches

There are so many ways in which you could potentially have an issue arise with your site’s security, ranging from brute force attacks to mobile redirects and more. Here are a few:

Distributed Denial-of-Service (DDoS):

Consider this a form of peaceful protest. No information is lost, just temporary denial of access to the company’s database. This type of breach is used to curtail the operations of large companies.

DDoS attacks are the second most common type of attack on online businesses. How does it work, you might ask? These attacks involve flooding a website with so much traffic that it can no longer function. This can result in lost revenue, customers, and even jobs. In fact, DDoS attacks cost businesses an average of $2.5 million per day, according to the Ponemon Institute’s “2018 Cost of a Data Breach Study.”


Malware:

This one pretty much does what it says on the tin. Malware is sent to cause data loss. The term is coined from the words ‘malicious intent’ and ‘software.’ For companies that rely largely on their database, such as hospitals, loss of data could have dangerous consequences. Another example is the Equifax data breach of 2017, where 145 million Americans’ personal information was accessed.

Viruses are dangerous and commonplace. Some, like keyloggers, copy what users type so that the information can be used to gain access at a later time. Trojans make up 51.45% of all malware ever recorded.

Password guessing:

Would you call them lucky for guessing correctly? Not if your password is 1234567890, QWERTY, or password (Uhmm, not so smart, Alec). It’s also worth mentioning that millennials are faring well in the password Olympics, as only 33% of millennials use secure passwords as against 53% of baby boomers.

Companies that leave passwords unprotected run the risk of third parties getting hold of these passwords, to the detriment of the unsuspecting owners.


Phishing:

The scheme is to gain personal information by posing as a genuine website that imitates another company’s. With their hooks out and a good bait, there are always fish to be caught; most of the time, it only takes a carefree click on a link by one employee for the hackers to gain access. The numbers show that in 2020, 6.95 million new phishing pages were created. It must have been a feast over schools of fish for them. For every minute that a phishing attack lasts, about $17,700 is lost to the scheme.


This is a type of breach where the company receives messages from the hacker informing them of the information the hacker holds and of a fee that would keep that information from the public. Companies lose tons of money to this scheme or, worse still, important information and their reputation.


Cryptojacking:

If you can’t join them, well, there is only one other way: beat them. This category of hackers mines cryptocurrency via their victim’s account by getting the victim to click on a malicious link that loads their mining code or corrupts the website.

Can you prevent a hacker’s attack?

According to Stéphane Nappo, “threat is a mirror of security gaps, cyber threat is a reflection of our weaknesses,” which begs the question of how to bridge these security gaps. Here’s the sitch:

95% of online business security breaches result from a human blunder.

The other 5%? Mere happenstance.

While businesses can wait for a breach to occur before they start to bicker at their IT/security department to do better, here’s our two cents:

There is no foolproof measure of protecting your business from breaches. At least not in this post. But here are a few seemingly ordinary steps that are a good starting point. You can start by taking control of the human factor.

1. Teach your employees to play safe online:

You’ll need more than just one cybersecurity training exercise and the odd reminder. Regular training for employees will go a long way in keeping the business out of trouble.

2. Introduce multifactor authentication (MFA):

MFA is a secure verification procedure that requests multiple proofs of one’s identity before access to the system is granted.

3. Encrypt information and backup:

Think of encryption as disguising your activities online. Hackers know how valuable your business’ data is. If you realize this as well, encrypting information should be an absolute no-brainer.

According to researchers in the International Journal of Advanced Computer Science and Applications, should a data breach occur, data encryption remains the most efficient fix.

Make sure any sensitive data, such as customer information, employee information, and business data, is encrypted. Today, full-disk encryption software is included in almost all operating systems, and it can encrypt all of the data on a desktop or laptop computer while it is idle.

4. Firewall:

One of the most effective strategies to defend yourself against any cyber assault is to put your network behind a firewall. A firewall system, which we can assist you with, will stop any brute force attacks on your network and/or systems before they can cause any damage.

It’ll help keep you safe from ransomware and other cyberattacks.

5. Utilize strong internet security suites: 

“I don’t have access to the internet,” said absolutely no one. And that’s where the problems begin. Your online business needs antivirus software and a vibrant security program. This will help to prevent accidental downloads/installs, login, and clicks on malicious content.

One of the safest things you can also do for your online systems is to secure and hide your Wi-Fi networks. As technology advances, thousands of devices that can connect to your network and compromise you become available every day.

6. Passwords:

Having strong passwords unique to each application is a great favor you’ll be doing for yourself and your business. You can take it a notch higher by changing these passwords frequently. Cyberpunks don’t snooze. Neither should you! You may want to request the same of your customers. You can do this by authorizing your developer to set a minimum password length and offer strong password suggestions to your customers.

7. Oversee access to your systems:

Identity theft can ruin the years of building a business in a split second. Maybe not so fast, seeing as most breaches are discovered within 208 days.

To keep yourself and your business safe, be proactive about what information you share, however harmless it seems, and with whom you share it. Reining in your social media content or personalizing your privacy settings is a good place to start.

8. Protect your customers:

You can make use of Secure Sockets Layer (SSL), which ensures that customer information is protected while they surf the site. HTTP has been upgraded to HTTPS, and this makes it a lot easier to trust sites.
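For the password rules in step 6, here is one way a developer could enforce a minimum length and reject guessable passwords at sign-up, including the three named under “Password guessing.” This is an added example, not code from the original post; the 12-character minimum, the short denylist, and the function name `check_password` are assumptions made for illustration.

```python
import re
import unicodedata

MIN_LENGTH = 12  # assumed value; the post only says "minimum characters"
# Constructed denylist: the three passwords the post names plus two more.
# A real deployment would load a large breached-password list instead.
DENYLIST = {"1234567890", "qwerty", "password", "letmein", "iloveyou"}
# Keyboard rows and simple sequences that count as guessable patterns.
PATTERNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
            "01234567890", "abcdefghijklmnopqrstuvwxyz")
# Undo common character substitutions (0 -> o, @ -> a, ...).
LEET = str.maketrans("013457@$", "oleastas")


def check_password(password, username=""):
    """Return a list of policy violations; an empty list means accepted."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    # Strip trailing digits/symbols, then undo substitutions,
    # so "P@ssw0rd2024!" is recognised as "password".
    core = re.sub(r"[\d\W_]+$", "", folded).translate(LEET)
    problems = []
    if len(folded) < MIN_LENGTH:
        problems.append("too_short")
    if folded in DENYLIST or core in DENYLIST:
        problems.append("common")
    if folded and any(folded in p or folded in p[::-1] for p in PATTERNS):
        problems.append("pattern")
    if len(set(folded)) < 5:
        problems.append("few_distinct")
    if len(username) >= 3 and username.casefold() in folded:
        problems.append("contains_username")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("1234567890", "QWERTY", "P@ssw0rd2024!",
               "correct horse battery staple"):
        print(f"{pw!r}: {check_password(pw, 'alice') or 'accepted'}")
```

Returning the full list of violations lets the sign-up form tell the customer exactly what to change instead of showing a generic rejection.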

Do not build castles in the air telling yourself how safe your business is. The carousel never stops turning, and according to statistics, your business will get served on a platter in due time. Best be prepared enough to stall it or become the extreme exception.


Let’s face it — it can be tough to know where to start when it comes to defending your organization against cybercrime and cyberattacks. There’s so much information overload out there that it’s easy to feel overwhelmed, especially when it’s contradictory.

You require a solution that is appropriate for both your company and your employees. Get in contact with us immediately for a free cyber security evaluation. We can assist you in getting started on your path to security.

To learn more about how Hermes Security can assist you with securing your network and preventing cyber threats, contact us today.