The Cisco report
Cisco have released a new cybersecurity report looking at how smaller companies can help defend themselves against cybercrime. Their “Small and Mighty” Cybersecurity Special Report draws on data gathered from hundreds of respondents across 26 countries.
The report reveals that small and medium sized businesses are just as vulnerable to cybercrime as their bigger counterparts.
In fact, in 2018, more than half of mid sized companies suffered a security breach.
Smaller companies often use more basic security protections, and they lack specialist security staff. This means that they are not only just as vulnerable to attack as larger companies, but are often the first to be attacked. Hackers can use smaller attacks on these types of organisations as launch pads for larger hacking campaigns.
The problem with being online
Any company that does business online is a potential target for cybercriminals. And almost all modern businesses are hugely reliant upon both their systems and connectivity.
For many smaller businesses, recovering from a major cyber attack is difficult and costly. The loss of essential data can result in a genuine struggle to remain profitable. By comparison, larger organisations tend to be more resilient because they have more resources for response and recovery, and are generally better prepared.
The Cisco report reveals that companies worry most about the following types of threats:
- targeted attacks against employees (such as phishing)
- advanced persistent threats (such as new types of malware) and
- distributed denial-of-service attacks (which flood a company’s servers with so much traffic that they crash)
Moving to the cloud
In response to their security challenges, many smaller companies are choosing to take advantage of cloud-based security solutions. Mid market companies believe that hosting networks in the cloud offers better data security, and solutions that are more cost-effective than hiring staff to provide the equivalent services.
According to Cisco, 55% of SMEs said in 2014 that some of their networks were hosted in the cloud; in 2017, that rose to 70%.
Many smaller businesses are also looking to external specialists to provide corporate cybersecurity. Over half of the SMEs surveyed use external providers for advice and consulting, incident response, and security monitoring.
By setting aside some of their limited resources for understanding and responding to threats, smaller businesses are helping to protect themselves and their customers.
Putting security on the agenda
On a positive note, cyber security is now a common matter on board agendas. The Cisco report notes that the vast majority of smaller businesses now have a senior person in charge of cyber security risks in one way or another.
And a solid majority test their incident response plans at least once a year by running drills.
Something is Better than Nothing
Cyber security is an ever changing and complex area, with threats that evolve quickly, and repercussions that are far-reaching.
But the overriding recommendation for SMEs looking to improve their cyber security is that a small or incremental change is better than no change. Smaller businesses should not let a desire to be “perfect” in their security approach get in the way of becoming “better.”
Smaller, tangible improvements can make a big difference to your security.
Talk to phew today about how our Security Awareness Training and Cyber Health Report can start you on the path to improved security for your business.