Skip to main content

As the threat landscape changes, small businesses need security simplified

(Image credit: Image Credit: ESB Professional / Shutterstock)

Cybersecurity is a burgeoning business fuelled in part by the increasing volume and variety of threats, including ransomware, spyware, botnets, Trojans, worms and DDoS. At the same time, these threats are becoming more sophisticated in their delivery. It used to be relatively easy to identify a malicious email, but advances in social engineering techniques have made it progressively difficult.   

One might assume that the terminology above is typically associated with larger organisations with treasure troves of data to exploit. And to some extent this is accurate. Earlier this year, various high-profile organisations with national and international footprints were severely impacted by the infamous WannaCry and Petya ransomware attacks.   

However, the target profile is much broader than enterprises alone. Small businesses are, in many ways, at greater risk. Why? Because unlike their larger rivals they often lack the necessary resources and expertise to manage existing and emerging threats. Investing in IT security can be a challenge or simply overlooked, especially when there are so many other things to concentrate on that are seen as ‘essential’ to growth. In some cases, security is a luxury that SMBs can’t afford.   

This has to change. SMBs are an easy target for cyber criminals for exactly this reason. There are more vulnerabilities to exploit and fewer obstacles in place for hackers to navigate. Cybersecurity for SMBs needs to be easily consumable – a responsibility that lies with industry players. We need to cut the jargon and keep it simple for those with limited resources.   

SMBs in the cyber crosshairs    

The scale of the problem was highlighted earlier this month when research from the Federation of Small Businesses (FSB) found that cyberattacks on small businesses now cost the economy over £5 billion a year. DCMS Minister Matt Hancock said: “In the past year, nearly half of small businesses know they have experienced a cyberattack, and many more did, but don’t know it.” 

It’s plain to see why SMBs are targets. At the start of 2016, small businesses accounted for 99.3 percent of all private sector business. Total employment was 15.7 million or 60 percent of all private sector employment. Combined annual turnover was £1.8 trillion or 47 percent of all private sector turnover.

High profile attacks on global organisations are still occurring and will continue to, but in the business of cybercrime, a hundred smaller, easier targets can be just as profitable as a larger, more security savvy one. This puts SMBs squarely in the crosshairs.  

We recently conducted research which found that SMBs struggle to implement much-needed security solutions and policies. Nine out of 10 SMBs believed that IT security will become increasingly important for their business over the next five years, yet one in three respondents had no security projects planned in the near future to continue improving their security infrastructure. 

Today’s threat landscape makes it more critical than ever for SMBs to put proactive and specialised security protection in place. Small businesses need to be aware that they are targets for cybercriminals, both for their own business data and for that of their customers and partners – companies that potentially have access to a much larger network and data repositories.   

Expanding the network 

Just as BYOD expanded the network, and consequently the threat landscape, so too will the Internet of Things (IoT). And all businesses small, medium and large need to be prepared. With more connectivity between devices comes more opportunities for criminals to piggyback from one vulnerability to a wealth of information. 

The number of devices, both in the home and at work, is growing rapidly. Gartner forecasts that 8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016. And by 2020 it has predicted this will reach a staggering 20.4 billion IoT devices.   

While this colossal increase is expected to be driven mainly by smart home devices, the office won’t be far behind. Just as personal smart phones entered the workplace, so too will connected devices.    

The benefits granted to small businesses by the collection and analysis of IoT data are admittedly impressive: increased productivity, minimised waste, a better-informed customer engagement strategy, and most importantly, the potential to level the playing field against larger organisations already utilising IoT. Such insights will present far-reaching competitive advantages, if they remain within the organisation’s four walls. Without the right level of network security, this is a big ‘if’. 

The more devices connected to a network means more entry points for those looking to gain access through unscrupulous means. In other words, more devices equals weaker security and this can seriously impact a business’s ability to protect its network. With the number of connected devices seemingly growing every day (ranging from printers, webcams, mobile phones and electronic locks) it’s easy to see how a technology with such promise could contribute to demise. This isn’t to say that SMBs should shy away from the IoT and its benefits, but rather they need to ensure their cybersecurity posture is ready to encompass this expanding network.   

Layered approach    

Cyber criminals are always on the lookout for any opportunity to steal information, accounts, passwords and identities. The fewer security hurdles they encounter, the easier their task. Good business security for an SMB doesn’t have to be overwhelming or intimidating, but it is important to take a step-by-step approach in understanding the potential gaps in security postures and addressing them. 

Having a layered approach to security will help a small business protect themselves from cyber criminals. Implementing technology such as anti-virus, malware and ransomware protection, multi-factor authentication, data and identity protection plus remote management and monitoring can provide the support to safely protect a business.   

In addition to that, culture and education has a big part to play. Encouraging users to use strong passwords and educating them on the common risks associated with cyber criminals will help protect a small business and its most valuable assets.  

Kevin Chapman, SVP and GM – SMB, Avast 

Image Credit: ESB Professional / Shutterstock

Kevin Chapman
Mr. Chapman has over 20 years’ IT industry management experience leading regional and global teams, driving, transforming, and scaling enterprise, SMB, and consumer businesses with revenues between $30M and $2B.