There are many common perceptions about cybersecurity – but many are misperceptions. For small and medium-sized businesses (SMBs), cybersecurity misinformation can be confusing, and sometimes risky. It’s time to set the record straight on which statements are fact and which are fiction.
Fiction: Cybercriminals don’t care about SMBs
Modern cybercriminals do care about SMBs – and often use smaller third-party vendors to gain access to larger targets. With less budget and fewer expert resources dedicated to cybersecurity than their larger counterparts, small and medium-sized businesses are often easier targets, especially in today’s increasingly complex and connected cloud environment. In fact, nearly a third (28%) of data breaches in 2020 involved small businesses, according to the Verizon 2020 Data Breach Investigations Report (DBIR) – 70% of which were perpetrated by external actors.
Fiction: Cybersecurity outsourcing is not a realistic option for SMBs
Cybersecurity outsourcing is a great option for SMBs. Leveraging a managed service rather than purchasing a security point solution gives your SMB fixed-cost access to enterprise-grade technology and expertise you couldn’t otherwise afford. These seasoned security teams become an extension of your internal IT team and can help you create and improve your overall cybersecurity program and strengthen your security posture.
Reality: Compliant does not mean safe
While it’s true that cybersecurity and compliance are often linked, they are not the same. An organization may meet minimum government or industry security requirements, but that does not mean that the organization is secure. Your IT/security team should be aware of your industry’s compliance mandates, but also be prepared to take an active role in protecting your organization. Rather than trying to handle these responsibilities alone, a cybersecurity-as-a-service provider with proven industry expertise can help you meet your compliance obligations – and will also have the technology and expertise to ensure your safety.
Reality: Cybersecurity fatigue is a problem
Forty-one percent of respondents in SMBs and large enterprises report feeling fatigued, according to the Cisco 2020 Cybersecurity Report Series for Small and Medium Businesses. IT/security teams and business leaders need to be effective in managing security, especially in organizations with limited resources. Outsourcing some of the tasks to a managed cybersecurity vendor can relieve your IT team of the stress and burnout associated with running your cybersecurity program — and can even help optimize it.
Fiction: Strong passwords are enough
Strong passwords are important, but passwords alone won’t protect your business. Other components of a good cybersecurity posture include two-factor authentication and ongoing cybersecurity monitoring. Collecting security events from across your IT infrastructure, network, and applications, and constantly reporting threats, is an integral part of enterprise network security. The cybersecurity landscape is constantly changing, and the COVID-19 pandemic has introduced a new set of cybersecurity challenges and issues for organizations across all industries. The good news is that we have seen remarkable improvement in the SMB cybersecurity space in recent years, thanks to growing awareness and the maturing of managed detection and response (MDR) capabilities. Today, SMBs have access to security products and services that were previously only available to large enterprises.
Fiction: Antivirus is the only endpoint protection you need
Antivirus solutions are usually signature-based, which means that the malware they detect is already known. Increasingly, attackers are exploiting zero-day vulnerabilities or using targeted attacks that traditional signature-based solutions don’t “recognize” and won’t detect. As user devices such as desktops, laptops, and mobile devices now extend beyond your perimeter, visibility into these endpoints is critical. Endpoint detection and response (EDR) solutions provide this visibility and also complement antivirus protection by leveraging behavior-based signatures, machine learning, and analytics to detect advanced compromises. EDR can also alert on, block, remediate and quarantine suspicious behavior as needed.
Fiction: Monitoring my edge firewall is the only monitoring needed
Your edge firewall will only inspect traffic that passes through it. Instead, your entire estate should be monitored. Network segmentation and network-wide monitoring will provide crucial visibility into compromises that originate from within the network or propagate laterally through the network (east-west traffic patterns). Additionally, monitoring of all applications, databases, file shares, and authentication sources provides key telemetry for threat detection.
Fiction: SMBs can’t afford a cybersecurity program
On the contrary, you cannot afford NOT to have a cybersecurity program. According to the National Cyber Security Alliance, 60% of small businesses victimized by a cyber attack go out of business within six months of the incident. As companies expand their cybersecurity programs, budget, and detection capabilities, they become harder targets, increasing the focus of attackers on smaller, often less-protected organizations – for greater ROI.
Fact: Phishing and social engineering are the number one attack vector for SMBs
Humans are the weakest link in the cybersecurity chain for businesses of all sizes, and the numbers prove it. According to the Verizon 2022 DBIR, 82% of breaches involved the human element, and social attacks such as phishing gave attackers their way in. Primary motives include financial gain, and users with access to your organization’s banking and business systems are likely targets. Protection against these tactics includes strong email security controls combined with end-user security awareness training and phishing testing as components of your cybersecurity program.
Don’t believe everything you hear. Knowing the facts about cybersecurity enables you to resist attackers and plan your cybersecurity strategy appropriately. For many SMBs, security point solutions, tight budgets, and limited expertise can impact the effectiveness of your security efforts. Consider partnering with a managed service provider that can give you on-demand access to enterprise-grade cybersecurity technologies and the resources needed to run them, without the complexity or cost of implementation, staffing, and maintenance.
Looking to strengthen your security posture with a managed service provider? Check out SilverSky’s main security services for simple, affordable and accessible cybersecurity.
*** This is a Security Bloggers Network syndicated blog from SilverSky, written by michele-johnston. Read the original post at: https://www.silversky.com/blog/fact-or-fiction-the-truth-about-cybersecurity-for-small-and-mid-sized-businesses/