Most business owners rely too much on their cybersecurity stances for small businesses. Two-thirds of high-level decision-makers who participated in a 2019 survey said they did not believe the small and medium-sized enterprises (SMEs) for which they are responsible would be the victims of a digital attack. Within this dominant view, many of the respondents did not consider the cybersecurity of small businesses important. Therefore, they had no plan to protect their employer from digital attacks. Only 9% of respondents cited digital security as the most important factor facing their SMEs; twice that number ranked digital defense as less important. At the same time, 60% of business leaders revealed that they did not have a cyberattack prevention plan. A quarter of respondents said they would not even know where to start with SME cybersecurity.
What is behind this bravado?
There is a tendency for SMEs to underestimate their digital security risks by thinking that digital attackers are inclined to go only to companies. But don’t let that bragging trick you. It does not reflect the reality of small business cybersecurity.
The truth is that the most common threatening actors behind cybersecurity risks occur after SMEs in nearly half (43%) of digital attacks, CNBC reported in late 2019. So it’s no surprise that two-thirds of SMEs worldwide had actually reported a digital attack the previous year. (It was even higher for U.S. companies at 76 percent, the Ponemon Institute and Keeper Security noted). These attacks ended up causing data loss in 63% of cases.
The problem is that SMEs do not have cyber insurance and other means that can help them absorb the estimated price of $ 200,000 for data breach. In response, 60% of SMEs that have been the victims of a data breach end up closing six months later, Inc reported.
Don’t forget about the influx of new technology
The point is that SMEs downplay the importance of cybersecurity for small businesses, even as they expand their attack surfaces.
Sometimes they know what’s going on, while others don’t. Take cell phone use as an example. About half (48%) of respondents said they used mobile devices to access more than 50% of business-critical applications, the Institute and Keeper Ponemon reported. It is one percentage point less than respondents who realize how this practice undermines their cybersecurity stance on small businesses.
However, it is a different story with the Internet of Things (IoT) devices. Four-fifths of respondents in the same study said their SME had suffered a security incident as a result of an unsafe smart product. However, only 21% of respondents revealed that they actively monitor their company’s IoT devices for security risks.
The Door’s Wide Open
The findings discussed above provide a snapshot of how entrepreneurs think about the cybersecurity of small businesses. In the case of mobile, they have employees who know how to go against best security practices. With the IoT, they have not yet acted on the risks that have helped produce incidents in the past.
Together, these forces leave the door open to all sorts of threats to ravage SME networks. The main one is ransomware. Information Security Buzz noted that more than half (55%) of ransomware attacks now involve companies with less than 100 employees. Part of the reason why this is so is because SMEs do not have adequate data backup solutions. Ransomware attackers estimate that small businesses will be more inclined to pay the ransom.
The way forward for the cybersecurity of small businesses
The cybersecurity of small businesses will not change unless someone at the top supports it. For many, this support is lacking. About a third (32%) of SME respondents in a 2020 study cited budget shortfalls as the biggest barrier to digital security.
Therefore, someone from IT or security may need to try to get the C-suite entry to review it. People trying to change this can start by trying to orchestrate their questions around areas where the company already expects to see growth. This could make it easier for executives to approve funding in these areas.
But first they must understand what is being said. Therefore, it is crucial that people who advocate for better protection speak the language of risk. Use metrics that illustrate how certain cybersecurity threats to small businesses undermine the entrepreneur’s business goals. This could include creating a proof of concept for a proposed solution or process. It should show how you can save money and time in business.
With this purchase from above, you can focus on the basics of cybersecurity for small businesses. Consider using asset discovery tools to create an inventory of all mobile devices, IoT products, and other networked hardware. They can then use network segregation, security settings management, and other controls to monitor these devices within their own network zones. It could also involve pairing tools with data backup tools to limit the potential scope of a successful ransomware infection.
Keep employees in the loop
At the same time, they will want to make sure their employees know what is expected of them. To this end, they can create a training program on cybersecurity awareness for small businesses. Regular training will not only keep employees familiar with their employers ’policies, but also keep them informed about some of the new types of attacks on nature.
Of course, not all SMEs will know how to do this kind of thing on their own. That doesn’t mean they have to give up, though. It just means they could be better off working with a managed security service provider that has a history of helping SMEs protect their networks while driving the growth of their business.
No one is too small for the cybersecurity of small businesses
SMEs are an attractive target for actors in digital threats. Like large companies, they contain personal data, IP and other sensitive information. However, they may not think it is necessary to protect him despite having suffered an attack in the past.
In the end, there is no room for overconfidence when it comes to cybersecurity for small businesses. No business is too small to be objective. Therefore, it is essential that SMEs make some changes and take security seriously in 2021.