Any company that does business online is a potential target for cybercriminals. And almost all modern businesses are hugely reliant upon both their systems and connectivity.
For many smaller businesses, recovering from a major cyber attack is difficult and costly. The loss of essential data can result in a genuine struggle to remain profitable. By comparison, larger organisations tend to be more resilient because they have more resources for response and recovery, and are generally better prepared.
The Cisco report reveals that companies worry most about the following types of threats:
- targeted attacks against employees (such as phishing)
- advanced persistent threats (such as new types of malware) and
- distributed denial-of-service attacks (which flood a company’s servers with so much traffic that they crash)
Moving to the cloud
In response to their security challenges, many smaller companies are choosing to take advantage of cloud-based security solutions. Mid market companies believe that hosting networks in the cloud offers better data security, and solutions that are more cost-effective than hiring staff to provide the equivalent services.
According to Cisco, 55% of SMEs said in 2014 that some of their networks were hosted in the cloud; in 2017, that rose to 70%.
Many smaller businesses are also looking to external specialists to provide corporate cybersecurity. Over half of the SMEs surveyed use external providers for advice and consulting, incident response, and security monitoring.
By setting aside some of their limited resources for understanding and responding to threats, smaller businesses are helping to protect themselves and their customers.
Putting security on the agenda
On a positive note, cyber security is now a common matter on board agendas. The Cisco report notes that the vast majority of smaller businesses now have a senior person in charge of cyber security risks in one way or another.
And a solid majority test their incident response plans at least once a year by running drills.
Something is Better than Nothing
Cyber security is an ever changing and complex area, with threats that evolve quickly, and repercussions that are far-reaching.
But the overriding recommendation for SMEs looking to improve their cyber security is that a small or incremental change is better than no change. Smaller businesses should not let a desire to be “perfect” in their security approach get in the way of becoming “better.”
Smaller, tangible improvements can make a big difference to your security.