Picture the scene: The office of a small but successful law firm is broken into. During the ensuing break-in, hundreds of documents relating to both employees’ and clients’ personal data are stolen and presumed available for sale online, including compromising personal information and financial data.
Following an investigation, it becomes apparent that the law firm did not employ basic security controls when attempting to protect their physical premises. No security system, no CCTV, and no “locked doors”, per se. As a result, the clients who once trusted this firm with their data begin a mass exodus, and the law firm find themselves in very rocky waters.
This analogy serves to illustrate a crucial point about the cybersecurity posture for SMEs (Small Medium Enterprises). Statistics show that small and medium-sized businesses are not exempt of being targeted by cyber criminals and can be equally, if not more, affected by an attack that could cause significant operational or reputational damage.
Small businesses are subjected to all types of cyberattacks, which include but are not limited to malware, ransomware, and data breaches. All these result in privacy, security, and operational risks. These attacks may also end in stolen funds, compromised confidential business information, and unauthorised access and disruption of day-to-day operations.
Cybercrime is growing alongside the increased use of the internet and business networks. Today, more than ever, organisations of all sizes rely on their networks, data, and internet connectivity to conduct business. Unfortunately, as a result, sensitive data, intellectual property, and personal information of small and medium-sized firms are targeted by an ever-increasing and sophisticated community of cybercriminals.
Fact is, small organisations, are just as much of a target in today’s cybersecurity landscape as the multinational enterprises who make the headlines.
The Automation Factor
Organisations of all sizes must come to terms with the fact that they are likely to be a target of a breach. Similarly to the global trend of businesses’ digital transformation to improve efficiency or to reach a new customer base, the uprise of Cybercrime is the result of digital transformation of traditional crime methods such as extorsion. Fact is, the weaponization of the 21st century criminal has become another market on its own right. Automated blanket attacks, ransomware-as-a-service offerings, widespread phishing campaigns, and other attack vectors have become part of a “business offering” far from the stereotypical ‘evil genius’ hacker extorting an organisation as an independent actor. Ransomware gangs go so far as to attempt to recruit malicious insiders, as it is growing to become a lucrative market in which there is much money to be made.
According to a McKinsey Global Institute report the internet’s economic impact has been greatest among “individual consumers and small, upstart entrepreneurs”. The internet provides a platform that allows even the smallest firms to have a global impact.
Forbes reported in March that small businesses are more frequent targets of cyberattacks than larger companies, often because cyber criminals assume they lack the necessary means to protect themselves. In the US alone, 60% of SMEs were out of business six months following a cyberattack.
As such, organisations are increasingly realising that the investment in cybersecurity platforms should be considered a cost of doing business, as attacks are now also affecting small businesses who are more vulnerable due to a lack of resources and awareness.
Best practices
As technology continues to evolve, the risk of cyberattacks becomes more extensive and complex, therefore it is crucial for small businesses to look into cybersecurity plans.
Leaders need to remember that, no matter how small they believe their own business operations to be, it will never be small enough to remain hidden from cybercriminals; particularly if their cybersecurity infrastructure falls short.
In today’s world, everything is interconnected and many small firms handle sensitive data or require remote access from their personnel. Therefore, security becomes an absolute priority. Failure to deal with it appropriately could mean significant damage on revenue due to service downtime, loss of brand equity and customer trust, professional indemnity, non-compliance issues, and at worst criminal proceedings.
Business leaders and security teams can work together to make smart decisions that improve overall cybersecurity cultures within their company. One of the considerations they should make is working with a specialized service provider that can protect their digital assets and business interests. An example of this is employing the right cyber security partner to provide sophisticated real-time risk management and bring actionable intelligence to the enterprise where and when it matters the most.
MDR Services available by a Cyber Security provider can protect data, assets and identities in real time, and detect, respond and prevent cyberattacks on a 24/7 basis. This takes the pressure off IT teams and leaders, allowing them to focus on their usual day-to-day tasks, while securing the business from internal and external cyber threats.
