Cybersecurity for small and medium businesses: The next frontier?
By Shibu Paul
The increasing number of reports of cyber crimes involving small businesses shows that criminals are shifting their focus. Now, banks, financial institutions, and large corporate houses are not their only target, but also easy prey, like small and medium businesses (SMBs) and the common man.
SMBs are important for every country since they make up more than 90% of commercial enterprises. After the pandemic, SMBs are facing increasing cyber threats as they are more connected today—not just with their customers and larger enterprises, but also with government organisations. Easy availability of low-cost cyber weapons has led to a surge in phishing attempts, malware, ransomware, attacks on improperly secured Wi-Fi and payment frauds.
AWARENESS NEEDED
According to research, over 50% of the SMBs surveyed—companies with 100-1,000 employees—
reported some kind of data breach or cyber attack over the past year.
Although SMBs are more aware about cyber threats now, a recent survey shows around 60% SMBs do not consider cyber attacks a huge risk for them and about 40% do not believe that strong security is a priority. The average cost of a cyber attack for an SMB last year was over $8,000—a significant amount for any small business.
Earlier, employees could simply walk up to the IT personnel in the office if they suspected any abnormal activities on their devices. But, with remote working, employees cannot get expert help immediately.
Many remote employees are not even aware of the security protocols on their devices. Most of the time, employees form the first line of defense against phishing or malware attacks. So, continuous training and awareness are of the utmost importance.
CURRENT SOLUTIONS
The cybersecurity industry is yet to crack the SMB market. It has been selling successfully to large government and private organizations, but the SMB market has remained untouched.
The main reason for this is poor awareness and misplaced beliefs, like ‘cyber security is needed for banks and large businesses, not for me’ and slow adoption of cyber solutions by the sector. Most SMBs also find it difficult to pay huge amounts to buy the best cybersecurity solutions.
Besides, there are the technical difficulties of setting up and maintaining these solutions. Most SMBs have almost no technical knowledge to operate the solutions. Customized solutions for smaller businesses are few and far between. Very few cybersecurity companies have developed solutions exclusively for SMBs and even those that have, have not been commercially successful. Even today, most SMBs only use Antivirus.
A list of the most essential cybersecurity technologies:
▪ Password protection / management
▪ VPN and other secure Web gateways
▪ Anti-malware
▪ Client firewalls
▪ Intrusion detection and prevention
▪ Automated patch management systems
▪ Anti-denial of services
▪ Encryption technologies
▪ Web application firewalls (WAF)
FUTURE SOLUTIONS and; TRENDS
TO IMPACT THE SMB MARKET
Because of the size of this market, it is quite certain that this lucrative space will attract the attention of security vendors. But the security solution providers have to understand the differences between small and big enterprise customers and bring about novel technology offerings specifically for SMBs. Some precautions can help organizations avoid cyber attacks like multi-factor authentication and limiting access.
Multi-factor authentication: Adopting strong passwords is not enough, so companies should follow multi-factor authentication to verify users requiring codes or biometric scans for an additional protection layer. A measure as simple as this can provide huge results. Reports show that multi-factor authentication can block almost 99% of account compromise.
Limiting Access: Limiting the authorization of payments, organizations can bring down vulnerability possibilities. Dual approvals can help foil attacks too.
Cloud Solutions: SMBs have been quick to adopt Cloud solutions and over 60% of SMBs in the US use some Cloud solutions. Greater Cloud adoption will allow the implementation of Cloud-based solutions, like secure e-mail services, secure storage and Cloud Access Security Broker (CASB) solutions.
Managed Solutions: Additionally, trends show that SMBs want to shift their cybersecurity operations to an external party. An MSSP may be too much for a local grocery store, but it can be a great solution for a small or medium business.
Cyber Insurance: Cyber insurance could be the driving force behind cybersecurity adoption by SMBs. Insurance policies are becoming more common for them, and insurance companies will soon start joint offerings of insurance plus security—along with top security companies or MSSPs.
The importance of a robust cybersecurity plan is not only limited to large companies; small businesses are equally on the radar of these cybercriminals. While it may seem hackers don’t have much to gain by infiltrating small businesses’ networks, the truth is quite the opposite. If healthy cybersecurity measures are not adopted, it could cripple businesses’ intellectual property and sensitive and confidential customer information.
Thus, regardless of the company’s size, cybersecurity should be a non-negotiable priority to protect your business and customers’ sensitive information and trust.
The author is vice president, International Sales, Array
Gloss