When most people think of cyberattacks, major data breaches at humongous companies like Equifax and Yahoo!, typically come to mind. This is perfectly understandable, as these are the attacks that impact the most people and always make headlines. But cybercriminals don’t limit their attacks to large companies–they also target countless small businesses every year. And in many cases, these attacks destroy businesses and livelihoods.
By Zack Schuler, Founder and CEO of NINJIO
There’s no reason to put it delicately: The state of cybersecurity in the world of small and medium-sized businesses (SMBs) is nothing short of alarming. Not only are SMBs relentlessly targeted by hackers, but they’re also woefully unprepared to defend themselves and unequipped to handle the aftermath. This is a status quo that has to change immediately–SMBs are the biggest engine of the U.S. economy and they’re at risk like never before.
The Scope of the Problem
Every year, cyberattacks cost small businesses an average of almost US$80,000, and losses can range up to US$1 million (according to a report by the Better Business Bureau). Meanwhile, a 2018 study by the Ponemon Institute found that more than two-thirds of SMBs reported that they had been targeted by a cyberattack within the preceding year. Substantial majorities of SMBs also agree that cyberattacks are becoming more targeted, severe, and sophisticated, but despite these facts, almost half of respondents say they have no understanding of how to protect against cyberattacks.
Key findings from the report
- Every year cyberattacks cost small businesses an average of almost US$80,000, and losses can range up to US$1 million.
- A survey reports 88 percent of small business owners felt their business was vulnerable to a cyberattack.
- Almost two-thirds of small businesses fail to act following a cybersecurity incident.
- 56 percent of SMBs say, defending mobile devices from cyberattacks is extremely challenging.
- The top three attack vectors cited by SMBs are mobile devices, laptops, and cloud systems.
- Just 16 percent of SMBs are “very confident in their cybersecurity readiness.”
- 60 percent of SMBs lack a “cyberattack prevention plan.”
A recent survey by the U.S. Small Business Administration found that 88 percent of small business owners felt their business was vulnerable to a cyberattack. However, due to resource constraints, a lack of technical expertise, and the rapid pace of change in the cybersecurity world, they often feel helpless or ill-prepared to defend themselves against the vast range of cyberthreats they face.
In fact, a survey of more than 4,100 SMB cybersecurity professionals recently conducted by Forrester, found that almost two-thirds of small businesses fail to act following a cybersecurity incident. Even when the threat is right at their doorstep, many SMBs don’t know what to do.
The World is Changing for SMBs
There are many factors that contribute to the challenging cybersecurity situation for SMBs. First, digital operations are no longer optional for any company–even if your market is small and local, consumers are increasingly demanding the ability to do all their business online.
SMBs are changing the way they operate in the digital era. For example, a 2018 Cisco survey of SMBs found that the percentage of their networks that are on the cloud increased from 55 percent to 70 percent between 2014 and 2017. While almost 70 percent of SMBs say they’re making this transition for security reasons, an increased reliance on cloud-based services can also open up new vulnerabilities.
Meanwhile, other aspects of the digital transition have proved difficult for SMBs, 56 percent of which say, defending mobile devices from cyberattacks is extremely challenging. Ponemon reports that the top three cyberattack vectors cited by SMBs are mobile devices, laptops, and cloud systems.
The Ponemon report also discovered that issues such as a lack of money, out-of-date cybersecurity technologies, and insufficient personnel are all major obstacles cited by SMBs. But the main threat cited in the report is employee negligence, as phishing/social engineering attacks were reported more than any other, while negligent employees or contractors were cited as the top root cause of the data breaches.
How SMBs can Protect Themselves
According to the Forrester survey cited above, just 16 percent of SMBs are very confident in their cybersecurity readiness. Despite the fact that SMBs are increasingly concerned about cybersecurity, Forrester also found that almost half of them don’t have a clearly defined strategy for protecting themselves. This is a common theme in surveys of SMBs. A 2019 Keeper survey found that 60 percent of respondents lack a cyberattack prevention plan.
SMBs have to start taking cyberthreats more seriously, and this starts with education–for business leaders as well as employees. Many SMBs have convinced themselves that they’re incapable of protecting themselves from cyberthreats, but this couldn’t be further from the truth. Not only are there powerful security tools at their disposal–such as data-at-rest encryption and multi-factor authentication–but they’re also capable of turning one of their biggest vulnerabilities into a strength.
Human error is by far and away the biggest cause of cybersecurity breaches. While this is disconcerting, it’s also empowering–when SMBs make cybersecurity training a top priority, they can drastically reduce their risk without spending tens of thousands of dollars on cutting-edge digital solutions. This isn’t to say technology isn’t an important element of cybersecurity, but it’s always worth remembering that the most advanced piece of hardware on the planet is the human brain.
About the Author
Zack Schuler is the founder and CEO of NINJIO, a cybersecurity awareness company that empowers individuals and organizations– from Fortune 500 companies to small businesses – to become defenders against cyberthreats. Prior to launching NINJIO, Zack was the founder and CEO of the I.T. services company Cal Net Technology Group. In addition to his entrepreneurial pursuits, Zack is a member of the Forbes Technology Council and he’s on the board of governors for Opportunity International, an organization that provides microfinance loans, savings, insurance, and training to more than 14.3 million people who are working their way out of poverty in the developing world.
Disclaimer: CISO MAG does not endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. Views expressed in this article are personal.