Cyberthreats are big trouble for small businesses

Cyberthreats are big trouble for small businesses
Published in : 22 Mar 2023

Cyberthreats are big trouble for small businesses

Cybercriminals don’t necessarily discriminate by business size: if there is an opportunity to infiltrate a network, they will. However, unlike large enterprises, small and medium-sized businesses (SMBs) typically don’t have the resources to defend against the growing onslaught of cyberattacks.

The first step toward robust protection is understanding existing cyberthreats.

For example, ransomware — a type of malicious software that blocks access to data or a computer system until a ransom is paid — is one of the biggest threats facing SMBs, according to the 2021 Verizon Data Breach Investigations Report. Phishing, the practice of sending fraudulent emails to obtain personal information, is another one.

“Ransomware is a significant cyberthreat for SMBs,” according to Candid Wüest, Vice President of Cyber Protection Research at Acronis. “Just because we don’t see news reports about incidents that affect small and medium-sized businesses doesn’t mean they are not happening. All sizes of organizations are targets. And for a smaller company in particular, losing access to their data or having to pay $100,000 in ransom can be a death blow.”

Phishing emails are often sent in what Wüest called “large spray waves, which do not care how large the receiving organization is.”

Cyberattacks are growing in frequency, and IT infrastructures are becoming more complex as companies increasingly use cloud services and employees work remotely.

“These factors make it challenging for small businesses to gain visibility across all their assets and react fast and efficiently to new attacks,’’ Wüest said. “In a study we conducted, 21% of large and medium organizations are using 10 different security solutions in parallel. This would be quite difficult for smaller companies with fewer personnel resources to manage.”

Cloud services are managed by the vendor and this requires a high degree of trust. However, the Acronis survey found that 53% of customers do not trust their cloud providers to protect them sufficiently, Wüest said.

Ensuring your business is protected

Many SMBs are looking for ways to strengthen their overall security posture this year, according to Techaisle. That should start with identifying security needs.

Wüest recommends addressing data protection, authentication, and timely patch management. These security activities require visibility across the network and anywhere that company data exists — whether in the cloud, on-premises, or on an individual’s home computer desktop.

“Companies must also protect their data from data breaches to avoid loss of trust from their customers and even regulatory fines” from non-compliance with regulations such as the General Data Protection Regulation (GDPR), he stressed.

These are good first steps. However, SMBs are often not well-versed in the nuances of regulations, and many typically don’t have adequate staff to handle on-premises and cloud-based security. That is why many SMBs are turning to managed services providers (MSPs) to take care of these tasks and to help them avoid risks around data protection.