It is a common misconception that small and medium-sized enterprises (SMEs) are predominantly immune to cybersecurity threats and targeted attacks because of their size.
The thinking behind this is that the effort and time required to go after such a business would not be worth it for the attacker, and that hacker groups and other malicious actors are far more likely to go after large enterprises and organisations because of the bigger payout if the attack is successful.
Unfortunately, this is not the case. In the text below, we investigate the reasons why, as well as what SMEs must take into consideration to remain safe and secure.
Low protection makes SMEs victims in waiting
Estimates from research conducted by infosec company Purplesec place the percentage of data breaches by malicious actors involving small to medium-sized businesses at a whopping 43 per cent. In other words, 4 out of 10 data breaches involve an SME. Other researchers place this estimate at a much higher percentage. Whatever the exact figure, one thing is certain: the percentage of cybersecurity attacks that target SMEs is far from negligible.
As for the frequency of attacks against SMEs, 47 per cent of small businesses had a minimum of one incident where they experienced an attack within the past year, while 44 per cent of those companies had between two and four cybersecurity attacks.
One of the key reasons for the high frequency of attacks is the inadequate cybersecurity protection SMEs tend to have. In the same research mentioned above, 70 per cent of small businesses were found to have been unprepared to deal with a cybersecurity attack, while 3 out of 4 small businesses stated that they do not have employees equipped to deal with cybersecurity issues. Moreover, 51 per cent of small businesses stated that they made no budgetary provisions for IT security. Meanwhile, 58 per cent of all successful malware attacks are inflicted on small businesses.
Why aren’t SMEs taking cybersecurity more seriously?
One of the main factors behind SMEs’ lackadaisical approach to cybersecurity is the media and the sort of information security-related news that generally makes the headlines. Predominantly, the average person sees news about a major, global company having suffered a data breach or other cybersecurity attack. In short, the threat of a breach does not feel tangible to the vast majority of small to medium-sized businesses.
Hackers and other malicious actors are aware of this and are constantly trying to exploit it. It has been well-documented that hackers utilise automated tools to draw up a list of easy targets for them to attack.
This is done by using specialised software which automatically goes through the web to find companies whose cybersecurity measures are easy to overcome. Criteria that trigger the software to flag a company as an easy target include software that either lacks security updates and other patches or is entirely out of date; poor password policies which allow for weak passwords; data being allowed to be transmitted unencrypted; poorly configured web ports which allow for packets to be accepted without authorisation; a lack of adequate endpoint protection; and more.
While these companies have significantly lower valuations and assets than much larger organisations, the payout for malicious actors is still significant. The reason for this is that while SMEs may be worth less overall, their most prized assets can be accessed much more easily than those of bigger companies. What this means for malicious entities is that they can get hold of sensitive data, including credit card details and other personally identifiable information, much more easily with SMEs. Moreover, they can also hold them to ransom by encrypting their data and disrupting their business in unforeseen ways.
SMEs should aim to instill cybersecurity into their core practices
It is critical that SMEs reconfigure how they perceive cybersecurity matters and elevate this aspect of the business from an afterthought to a core part of their planning. This change in philosophy is easier to achieve if cybersecurity is not viewed as a luxury item, something that can be implemented only if there are excess funds and time.
Rather, it needs to be seen as something fundamental to the proper running of the business, especially when considering that a potential breach can inflict irreparable damage on the organisation, with possible effects including permanent reputation loss, financial loss, an indefinite suspension of the company’s operations, as well as the endangerment and long-term disillusionment of the client base, partners and other stakeholders involved with the organisation.
Boltonshield can help your organisation find the solutions best suited to its size and needs
Despite what many organisations may believe, robust cybersecurity measures are not beyond their reach, either in terms of cost or in terms of accessibility.
Boltonshield’s experts will advise your organisation on the solutions that best suit its needs, taking into account how the organisation is structured, as well as the specific industry in which it operates.
Boltonshield can provide your company with endpoint security solutions, securing endpoint devices such as company laptops and preventing them from being infected by malicious parties.
BoltonShield’s endpoint security solutions allow us to detect, analyze, and respond to cybersecurity incidents on all devices regardless of the network they are currently connected to, enabling you to safeguard employee devices even when they are being used remotely.
Machine learning technology enables us to detect emerging threats, in real time, mapped in a way that provides total network visibility. This boosts our ability to quickly diagnose potential issues and act accordingly.