The media focus on high-profile breaches reinforces the perception of many small and medium sized business (SMBs) owners that they will fly under the radar when it comes to being targeted by cyber-criminals. Yet, nothing could be further from the truth. Despite the lack of profile in the media, SMBs remain a prime target for cyber-attacks, particularly as a conduit for supply chain attacks.
In fact, according to recent research from Webroot, there seems to be a shared belief among many SMBs that their size means they are less at risk of a cyber-attack than their larger counterparts. Two-fifths (38%) of respondents say that their business is too small to be targeted by cyber-criminals, which rose to 43% of the largest SMBs (251-500 employees). Similarly, more than a third (36%) of respondents say the size of their business means that they do not have to fully understand cybersecurity.
Worryingly, of the small businesses that had been targeted by cyber-criminals, 70% were used as an entry point into a larger enterprise system they supply to. Nearly half (48%) of the cases negatively impacted relationships with larger business counterparts, with nearly a quarter (22%) admitting they are no longer a supplier as a result.
All businesses hold information that could be compromised and sold, whether it’s commercially sensitive data or employees’ personal details. And criminals are adept at finding information that will bring them profit – ultimately targeting any organization that appears vulnerable. Whatever their size, if a business leaves a door open to cyber-criminals, they can become a victim.
From Business Drain to Business Driver
One of the main issues is businesses’ perception of cybersecurity. Many view the whole premise as a business drain: a tick-box exercise or time and money spent on something that’s difficult to show ROI. Cybersecurity was cited as just one consideration as businesses become more established and grow. SMB leaders say that their biggest priorities are attracting new customers (36%) and increasing business growth and profitability (29%). In fact, only 35% perceive cybersecurity as a significant threat. However, these cyber0threats prove to take up a significant amount of SMBs’ time: where leaders admit they spend almost a day per week (or 18% of their time) on cybersecurity-related tasks.
Ultimately, customer relationships and contracts are on the line, but few businesses focus on effective cybersecurity education for employees. Rather than detracting from growth, cybersecurity investment can be viewed as a facilitator and differentiator for SMBs over the long term. With cybersecurity top of mind, organizations can not only protect their customer relationships and bottom line, but also support wider improvements to their productivity and innovation.
The main cybersecurity priorities SMBs need to consider:
- Education is key: Employees are the first line of defense against cyber-attacks, and it’s clear that naive working practices and behaviors could be putting businesses at higher risk. Boosting awareness of hackers’ tactics can help SMBs ensure that their employees are a security strength, rather than a weakness.
- Recognize the signs: Phishing is a popular technique amongst attackers. As a result, employers need to be confident in recognizing the different types of this attack. Tailored and ongoing security awareness training that includes phishing simulations will help employees know the signs of an attack before it’s the real thing.
- Revaluate your risk profile: Every business has diverse risk factors. If you don’t have the expertise, contact an independent security auditor or a managed service provider (MSP) to help assess your security posture. Work to develop a plan for adequate and ongoing risk mitigation.
- Prepare for the worst: Set-up a data breach response plan that recognizes specific security experts to call, and a communications response plan to warn customers, staff and the public.
Closing Critical Security Gaps
As each year passes, the cybersecurity landscape rapidly evolves. With that reality, SMBs need to keep a pulse on fast-changing threats and put plans in place to proactively shield their data. No matter what industry you’re in or your current technology setup, considering ways to improve your cybersecurity posture is an important investment that can pave the way for a secure future.
Its time SMBs take advantage of their nimbler size which enables them to react more quickly to industry or political change than larger enterprises. In this way, they can more quickly identify and mitigate risk, ultimately protecting the valuable data that they hold. This agility also applies to cybersecurity. Cyber-criminals are constantly developing new attack vectors and seeking ways to profit from businesses of all sizes, but with the right cybersecurity strategy, SMBs can adapt.
With confidence that they are protected, smaller businesses can digitally transform, enhance the experiences of customers and employees, and ultimately secure their success. Size does matter when it comes to cybersecurity, and it can be to SMBs advantage in these times of change.