SMB & Cybersecurity

The challenges faced by SMBs in terms of cybersecurity: how to adopt a more secure posture?

The growing importance of ICT and the internet proved to be extremely relevant for SMBs to continue their business during the covid-19 crisis. Actions such as adopting cloud services, the improvement of Internet services, the need of updating websites, and the alternative of teleworking were measures implemented in the last two years by many organizations.

Although SMBs have run to new technologies to maintain their business, many organizations have not increased or even incorporated adequate security measures in relation to these new systems.

According to a recent study by ENISA, where 249 European SMBs were surveyed, 85% of organizations agree that a cybersecurity issue would have a negative impact on their business and 57% say that they would most likely have to close down if they were attacked, 36 % reported they experienced a cybersecurity incident in the last 5 years.

Recent data from the National Cybersecurity Center (NCSC) show that one of the main victims of threat agents in Portugal are SMBs.

Nowadays, cybersecurity has to be an operational priority in the management of companies. Increasingly, we have (inter)national examples of cybersecurity attacks that cause data loss, service and operation interruption, affect the company’s reputation, and ultimately force organizations to shut down, especially small and medium-sized companies that, oftenly, do not have the human and financial resources to respond to cybersecurity incidents adequately.Some Cybersecurity Challenges SMBs Fac

Some Cybersecurity Challenges SMBs Face

SMBs face cybersecurity challenges on many fronts, however, as per Verizon’s latest data intrusion investigation report, 85% of intrusions involve a human element.

For example, according to the 2021 Risks & Conflicts report, by the National Cybersecurity Center (NCSC), there is a 3% growth in email use (receiving and sending), from 84% in 2019 to 87% in 2020.

Malicious activities such as phishing, malware distribution, fraud/scams most often occur through email.

As per the ENISA study, phishing attacks are the most common incidents that SMBs are exposed to, in addition to ransomware attacks, stolen laptops, and CEO fraud also known as“Business Email Compromise” (BEC).

Due to the concerns induced by the pandemic, cybercriminals seek to compromise accounts and it has been very common to use the topic of covid-19 as an email subject to get the attention of users.

CEO scams are another type of attack where a cybercriminal uses the identity of someone belonging to the organization. In this way, a cybercriminal who assumes, for example, the identity of the CEO, will be able to make requests to the users of his organization, via email, with the ultimate objective of making bank transfers, the propagation of ransomware attacks, credentials theft, etc.

Furthermore, according to a recent ENISA study, SMbs face the following cybersecurity challenges:

  • Low awareness on the importance of cybersecurity;
  • Inadequate protection for critical and confidential information;
  • Lack of budget to cover the costs of implementing cybersecurity measures;
  • Low availability of experts and analysts specialized in cybersecurity;
  • Absence of appropriate guidelines for the SMB sector;
  • Higher exposure to attacks due to online operations;
  • Low support from the company’s management;

But how can SMBs face and overcome these challenges?

#1 Cybersecurity Awareness in the Organization

It is important that the entire hierarchy of the organization is aware of cybersecurity crimes. Employees play a key role in the cybersecurity ecosystem. It is extremely important to educate and make employees aware of the company’s cybersecurity policies.

#2 Digital Hygiene

Let’s use an analogy to think about the company’s digital hygiene. Think about your own personal dental hygiene, brushing your teeth prevents cavities and other dental problems, digital hygiene are small actions that can be done to prevent cybersecurity attacks, for example, updating user passwords regularly.

Improving digital hygiene rarely requires a large financial investment, and it can help improve your cybersecurity posture.

#3 Enable available cybersecurity features

Whenever possible, use two-factor authentication. It is an additional layer of security designed to ensure that the user is the only person who can access the account, even if someone else knows the password.

SMBs should ensure their firewall, antivirus and antimalware are up to date and properly configured. Together, these cybersecurity resources can help you keep your organization safe.

#4 Look for an expert cybersecurity partner

Small and medium-sized businesses cannot afford to ignore cybersecurity. Being prepared to identify and respond to threats is essential to staying competitive and can, in many cases, even be a matter of survival.

Most small and medium-sized companies do not have the resources (human and financial) to create and manage a Security Operations Center (SOC) that allows real-time detection and response to threats, a centralized and comprehensive view of postures, security and 24x7x365 monitoring (because cybercriminals don’t work from 9am to 5pm). For these and other reasons, hiring a Security Operations Center (SOC) is an attractive solution for SMBs.

Hiring a SOC-as-a-Service allows access to certified cybersecurity professionals, 24 x 7 x 365 monitoring, threat intelligence, duty segregation and reduced operating costs, without the need to make large investments in specialized technology or hiring a team of specialists.

Getting help from companies specialized in cybersecurity and SOC-as-a-Service is an added value and can avoid legal costs, reputational costs, loss of customers and interruption of business continuity.

To learn more about cybersecurity services for small and medium businesses click here.