Attackers are targeting small and medium-sized businesses (SMBs), who often don’t have the right defences in place and often believe they do until it’s too late.
Small and medium-sized businesses often believe that their data and networks are secure because they have firewalls and antivirus solutions in place. This assumption is incorrect; SMBs are often the target of attackers because they have minimal protections in place. Unfortunately, most SMBs don’t have the budget available to purchase, implement, and support advanced security solutions.
Attackers are targeting SMBs, who often don’t have the right defences in place. Firewalls and antivirus solutions give SMBs a false sense of safety, making them believe that these tools will protect them from attacks. But they don’t.
In 2016 alone, SMBs were the victims of 61% of all data breaches. Data breaches can be deadly for an SMB. After experiencing an attack, 60% of SMBs shut their doors within six months; they lose business because customers don’t trust that their data is secure.
And the threats aren’t diminishing. Attackers are constantly evolving their tools and methods to exploit vulnerabilities, and only need to find one weak spot for success. SMBs need to protect their entire IT ecosystem even as these threats constantly evolve.
The increasing number of security tools and the shortage of IT security analysts, coupled with SMB budget constraints, often leave smaller businesses with limited protection.
We can help.
And with this in mind, enjoy our roundup of stories for this week…
Nine SMB Security Trends
SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most. Two recent surveys offer insight into why small to medium-sized businesses (SMBs) are taking security more seriously.
In one study, by Webroot, 600 IT decision makers pinpoint their top concerns (think: phishing and ransomware), as well as areas where they are becoming more relaxed, due largely to increased security awareness and training, as well as much-improved access control management.
The other study, by Kaspersky, examines IT budgets and high-level staffing considerations, given that "most SMBs can't afford a full-time CISO."
9 SMB Security Trends | DARKReading
Six Tips for Shoring Up Your SMB Security Strategy
Small- and medium-sized businesses (SMBs) are often characterized by their abilities to move quickly and remain agile. Without an excess of layers or restrictive processes to bog down decision making, small teams or groups of individuals can easily pivot and make substantial adjustments to the business on an as-needed basis. That said, for all the benefits an SMB may offer, larger companies have the advantages of more staff, bigger budgets, and an extensive pool from which to draw lessons learned.
Create an incident response plan
Instead of modelling the most comprehensive IR plan you can find online, start small and create a barebones plan that outlines who is responsible for what if a security incident is identified, whom to call (external resources: law enforcement, forensics investigators, etc.), and what your communications strategy will be (internally, if network resources/applications become unavailable; externally, if necessitated by compliance or responsibility to shareholders and customers).
Patch management is a controversial topic regardless of your company’s size or resources, but all security wisdom says to install critical updates regularly and quickly. While it might not be possible for an SMB to tackle a complete patch management program, make sure vendor-issued updates are handled forthwith. Unpatched systems and software continue to be some of the most common entry points for attackers, so cut off some of that low-hanging fruit and raise the bar for exploitation.
Back up your data
With all of today’s cloud options, maintaining current backups is neither a monumental nor an expensive task. It can, however, save your company from enormous headaches, loss of productivity, and costs to recreate your data if you’re the victim of a ransomware attack or other cyber-attack that renders systems unavailable, or if a natural disaster strikes. Consider backing up business-critical data nightly to remote, secure locations, and develop a weekly or monthly backup plan for other data which, if lost, won’t cripple normal business operations.
Run vulnerability scans
Any die-hard security professional will tell you that running a network vulnerability scan doesn’t equal a thorough security program—and that person would be right. But for SMBs with limited resources or in-house expertise for penetration testing, using a free vulnerability scanner will help identify some of the most obvious vulnerabilities in your network. Granted, you can’t leave this task to your water cooler vendor, and if the company can’t fix any found vulnerabilities the activity will be for naught. But for SMBs with some capability, running scans regularly and attending to identified vulnerabilities can help harden your network against the most obvious attack opportunities.
Write a security policy
In this day and age, every company should have a strong security policy it reviews then distributes to all employees and current contractors on a yearly basis. This policy should include acceptable use (e.g., strong passwords, different passwords for personal and business use, 2FA/MFA, least privilege, no removable media, etc.), and simply state repercussions for failure to comply. Write your security policy in such a way that it recruits security advocates rather than drops the hammer on dissenters. Especially for SMBs with small security teams, it’s imperative to accept the help you can get instead of isolating anyone who isn’t security-savvy.
Talk to an MSSP
SMBs often think that outsourcing work to a service provider is out of reach financially. “Consultant” carries a certain association that implies “budget busting,” but the reality is that managed security service providers (MSSPs) can offer a level of expertise and economy of scale that may be unattainable for the SMB to build in-house. Keep in mind that MSSPs are specialists in operational security, and they bring with them a worldview of vulnerabilities, threats, and how to handle cyber incidents. Plus, in addition to handling your day-to-day security, an MSSP can be an invaluable partner during and after an active incident when/if need be. They’re the “been there, done that” team that can soothe the hassle and lessen the costs of cleaning up after an attack.
Six Tips for Shoring Up Your SMB Security Strategy | Katherine Teitler
Ten Cybersecurity Steps Your Small Business Should Take Right Now
The Small Business Administration (SBA) is the US government agency dedicated to providing concrete help, training, and recommendations that small businesses can put into practice right away in their day-to-day operations. To that end, rather than just offer pie-in-the-sky security trends, today's SBA cybersecurity panel gave SMBs concrete tips, resources, and steps they can take to mitigate security vulnerabilities and put a comprehensive security strategy in place.
10 Cybersecurity Steps Your Small Business Should Take Right Now | Rob Marvin