SMBs and Cybersecurity

Why SMBs are Prime Targets for Cyber Criminals Today

You might think that only big companies can have trouble with data security and data breaches. It’s not entirely true. While the big cybersecurity scandals revolve around big corporations, SMBs are just as vulnerable if not even more.

Research made by companies like Proofpoint has shown that there is zero correlation between who threat actors target and an organization’s size or industry. Thinking that you are too small to be a target is a mistake. 

Don’t think you’re in danger because you’re “small” and not a big company like Experian, J.P. Morgan or Target? That you have “good” people and protections in place? That it won’t happen to you?

That’s EXACTLY what cybercriminals are counting on you to believe. It makes you easy prey because you put ZERO protections in place, or grossly inadequate ones.

Right now, there are over 980 million malware programs out there and growing (source: AV-Test Institute), and 70% of the cyber-attacks occurring are aimed at small businesses (source: National Cyber Security Alliance); you just don’t hear about it because the news wants to report on BIG breaches OR it’s kept quiet by the company for fear of attracting bad PR, lawsuits and data-breach fines, and out of sheer embarrassment. 

In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number includes only the crimes that were reported. Most small businesses are too embarrassed or afraid to report breaches, so it’s safe to assume that number is much, much higher. 

Are you “too small” to be significantly damaged by a ransomware attack that locks all of your files for several days or more? 

Are you “too small” to deal with a hacker using your company’s server as ground zero to infect all of your clients, vendors, employees and contacts with malware? Are you “too small” to worry about someone taking your payroll out of your bank account? According to Osterman Research, the AVERAGE ransomware demand is now $84,000 (source: MSSP Alert). It’s also estimated that small businesses lost over $100,000 per ransomware incident and over 25 hours of downtime. Of course, $100,000 may not sink your business, but are you okay shrugging this off? To take the chance?

Yes, It CAN Happen To YOU And The Damages Are VERY Real

You might already know about the escalating threats, from ransomware to hackers, but it’s very possible you are underestimating the risk to you. It’s also possible you’re NOT fully protected and are operating under a false sense of security, ill-advised and underserved by your outsourced I.T. company.

In fact, if they have not talked to you about the protections outlined in this report, or about putting a cyber “disaster recovery” plan in place, you are at risk and you are not being advised properly.

This is not a topic to be casual about. Should a breach occur, your reputation, your money, your company and your neck will be on the line, which is why you must get involved and make sure your company is prepared and adequately protected, not just pass this off to someone else.

SMBs require enterprise-class security solutions just like the big players on the market. The biggest security risk for these companies? The people.

Analysis has shown that the people working for SMBs are targeted mostly through e-mail. 90% of the security attacks begin with an email which uses social engineering, relying on employees to click on a link or run a code or even worse give up credentials.

SMBs are prime targets because:

Low Budgets

SMBs usually have less money to spend overall and in the greater scheme of priorities some needs might not feel as important. It’s not true. Having a secure environment and securing your work from cyberattacks can help you not lose money.

Security breaches cost money. A Lot of money. From the money you might lose while you fix what has been broken and get your operations up and running to potential legal fines.

So, even though you might not see security solutions as important, you might want to start

People issues

When talking about security issues we circle back to people. They can be both strengths and weaknesses in the war against cybercrimes. 

Smaller companies might not have an entire IT department but rather just an IT guy who is in charge of everything IT related. This leaves little time to create and enforce a security strategy. Having an out of the box solution to secure your email communications can help keep your SMB safe.

Easy targets:

When you gather all the information already exposed you can easily get to the conclusion that SMBs are easy targets for cyberhackers. It’s easy to focus on operations only and forget that a cyber security issue can lead to loss of revenue and other costs.

And because it’s so easy to get lost in the multitude of security solutions out there, or just not have the manpower to implement complex solutions, SMBs remain one of the easiest targets out there.

Small Business Administration Cybersecurity Threat Bills

There are a number of bills that are trying to secure SMBs from the threats of cyber attacks.  S.1691 – SBA Cyber Awareness Act requires an annual report on the cybersecurity of the Small Business Administration. 

The bill asks for a report to be submitted to the appropriate congressional committees that includes:  

• an assessment of the information technology and cybersecurity of the Administration;

• a strategy to increase the cybersecurity of the Administration;

• a detailed account of any information technology component or system of the Administration that was manufactured by a company located in the People’s Republic of China; and

• an account of any cyber threat, breach, or cyber attack that occurred at the Administration during the 2-year period preceding the date on which the report is submitted, and any action taken by the Administration to respond to or remediate the cyber threat, breach, or cyber attack.

Another bill which tries to regulate cybersecurity issues is H. R. 4515, ‘Small Business Development Center Cyber Training Act of 2021’ which requires cyber certification for small business development center counselors, and for other purposes.

This bill asks for the Administrator to establish a cyber counseling certification program to certify the employees of lead small business development centers to provide cyber planning assistance to small business concerns.

The fact that we need to have bills in place for cybersecurity related reports and cybersecurity training comes to show that SMBs are as much at risk as any other company. Having people well trained in handling breaches and even more knowing how to avoid them is of great importance regardless of the size of the company.

What’s the fix?

In order to solve this issue you need to secure your employees emails, first and foremost . This is the main point of entry for malware in a company. Keeping costs as low as possible is another part of the issue, since enterprise class security solutions might prove to be on the expensive side.

Having an automated security solution just might be what SMBs need. If you are low on IT man-power, having something easy to maintain is a big plus. Solutions like Proofpoint Essentials gives your company the control and flexibility it needs without the need of hardware and software installations.

Having the big picture right there to be analyzed through a good interface not only gives you an overview of attacks but also helps you take better informed cybersecurity related decisions.

If you want to know more about Proofpoint Essentials and how it can help you keep your company safe, just contact us and we are more than happy to help.