Cyber threats are no longer just a concern for large-scale enterprises. Small and mid-sized businesses (SMBs) are now exposed to such threats as well. Earlier this week, Cisco published its SMB Cybersecurity Report which suggests that all organizations, no matter what their size, are at risk of cyber attacks.
Cisco’s report stated that more than half (53%) of SMBs have experienced a data breach in the past year, with the costs of the breaches going as high as $2,499,999. These are alarming statistics for SMBs that have not yet realized how threatening cyber attacks can be. SMBs are attractive targets for attackers because, unlike enterprises, they do not allocate massive budgets to fortify their security.
In its report, Cisco gathered information from 1,816 SMBs spread across 26 countries to show how these midmarket businesses face the same cyber threats as their enterprise peers. With up to 5,000 security alerts per day, it is almost as if SMBs are now a stepping stone for attackers before they move on to enterprises.
When an SMB experiences a cyber attack, it results in both financial and reputational damage for the business. According to the 2018 Security Capabilities Benchmark Study by Cisco, 54% of all cyber attacks result in a loss of over $500,000, which includes lost revenue, opportunities, and customers, among other costs. The SMB Cybersecurity Report states that 29% of the SMBs reported having paid under $100,000 after a data breach, and 20% said that it had cost between $1,000,000 and $2,499,999. That is before counting the fines that might be imposed on these SMBs if regulators are notified and a breach of regulations is found. Recovering from these huge losses is almost impossible for small and midmarket businesses, which means that a cyber attack can literally put you out of business!
Types of Cyberattacks on SMBs:
There are various kinds of cyber attacks, including phishing, insider attacks, and denial-of-service attacks. SMBs will generally have basic security measures in place, which help prevent some attacks but are not effective enough against advanced cyber attacks. The Cisco report states that SMBs considered targeted attacks against employees, such as phishing campaigns (79%), advanced persistent threats (77%), and ransomware (77%), the most concerning types of attacks.
The SMBs further reported that 0.5% of their employees were likely to be involved in insider attacks, i.e., deliberately enabling access from inside the company. This does not seem very alarming, but you need to consider that at least 3 employees out of your company of 500 can shut you down with the press of a button.
After-effects of the Data Breaches:
SMBs are not as resilient as enterprises when handling cyber attacks, and thus the after-effects of an attack can be severe. The report by Cisco stated that 40% of the SMBs experienced an average downtime of 8 hours or more after a data breach, while 41% of them experienced a downtime of more than 1 hour. In addition, since SMBs do not have distributed systems and a cloud infrastructure in place, a data breach is likely to damage a high percentage of their systems. The study confirms this by stating that 39% of SMBs reported having more than 50% of their systems affected.
Preventive Measures that SMBs can take:
Unlike enterprises, SMBs cannot afford to have huge cybersecurity budgets and an in-house security team. This means that these businesses will always be more prone to cyber attacks than their larger counterparts. However, Cisco suggests that these SMBs can make a number of incremental changes to reduce the risks. 68% of SMBs believe that the cloud offers better data security, and taking the next step towards the cloud might be a sensible move. In 2014, only 55% of SMBs hosted some part of their network on the cloud, but in 2017 this number increased to 70%, which shows that the cloud adoption rate is increasing.
As preventive measures, 19% of SMBs will make use of an advanced Endpoint Detection and Response (EDR) system, 18% will use better web application security against web attacks, and 17% will deploy intrusion prevention to stop exploits. Furthermore, 57% of SMBs are likely to turn to outsourced partners for advice and consulting on security.
An immediate step that SMBs can take is to raise security awareness within their organization. A golden opportunity for this is coming up, with the European Cyber Security Month (ECSM) and National Cyber Security Awareness Month beginning next week.
To sum it up, SMBs are now facing increasing cyber threats and need to take measures to bolster their security. Even though there is no silver bullet solution to cybersecurity, SMBs should aim at evolving their security continuously by looking at others in the industry and making the required incremental changes.