The cyberattacks that are launched on large enterprises are the ones that tend to grab the big headlines because of the big numbers involved with their colossal impact.
Just from the past year, we had:
- SolarWinds: compromising 250 federal agencies and businesses
- Twitter: 130 users hit including high profile accounts such as those of Joe Biden, Barak Obama, Elon Musk, Jeff Bezos, and more
- Virgin Media: 900,000 users had their data exposed
- EasyJet: had a $24.7 billion class-action suit filed against them due to a data breach
- Marriott: 2 million guests had their data breached
And the list goes on.
SMBs are big targets too
However, let there be no doubt about it, the big guys are not the only targets.
Small to medium enterprises (SMBs) are no less within the sights of cybercriminals. The numbers associated with these attacks may not make it to the front page, but they are no less damaging to the target organization. In fact, the average cost per incident for an SMB is said to be at $3.9 million, with $7.68 million being the average for attacks executed by insiders.
Contrary to what many may believe, SMBs are very appealing targets to cybercriminals, with 71% of ransomware attacks targeting SMBs, as an example. And this is only one of the many types of attacks that are launched against such organizations every day.
The reason behind this phenomenon is that many of these organizations don’t think they are an attractive enough target and therefore don’t implement the same measures, controls, and technologies that bigger enterprises often do.
For example, many SMBs:
- Don’t use security protocols such as two-factor authentication (2FA)
- Don’t regularly update their passwords
- Don’t regularly create backups, which is vital for recovering from an attack
- Don’t implement security regulations compliance processes and controls
There are 2 more aspects: attackers that attack SMBs as part of a supply chain attack on a larger company. The fact that some SMBs are under regulations that they are not necessarily kept in mind (almost every company those days hold some large DB)
As we have seen, though, no SMB can afford to take a lax approach to security, as it leaves them very vulnerable to attack. And the damage can even be much more crippling, with recovery much harder to achieve than by larger enterprises.
The big security challenge for SMBs
Taking robust and comprehensive cybersecurity measures is a prime responsibility of every organization, whether small, medium, or large.
Though the road to doing so for SMBs is paved with multiple challenges, including:
Costs: smaller organizations don’t have the same budget at their disposal as large enterprises do, and therefore cannot deploy the same technologies and practices.
Expertise: finding and hiring experienced personnel who come equipped with fine-honed security skills is both challenging and expensive. As a result, SMBs often don’t have the required capabilities in-house. And with hackers becoming more and more sophisticated every year, this weakness becomes a greater liability all the time.
Complexity: the sheer variety of solutions and technologies that are required for comprehensive protection, not to mention the complexity of cloudification and maintaining hybrid operations, make for security environments that require the kind of experience and know-how that smaller teams rarely possess.
The 4 steps to large enterprise-worthy cybersecurity
Because no one can afford the economic and operational paralysis that that is brought on by a cyberattack, we have outlined the four steps SMBs can take to assure the same level of protection as large enterprises do.
Step 1: promote awareness
Since the actions of employees are often at the heart of successful cyberattacks, it is critical to implement awareness training that helps to ensure that employees:
- Never open attachments from unknown sources, especially since 92% of the malware in the world arrives via email.
- Don’t plug an unknown USB device since it is at risk of containing malware that could launch an attack against the company.
- Regularly update passwords, for even if a password is leaked, exposure will be reduced as soon as it is reset.
Step 2: protect key vectors
Even though SMBs may not have the budget to acquire, manage, and maintain the full scope of cybersecurity systems and applications, they do need to make sure that they do not ignore each of the three main attack vectors:
- Applications, to prevent malicious applications or malware that are embedded in seemingly harmless apps, from executing malicious attacks.
- The network, to prevent attacks that leverage network connections or user activity, such as phishing and Man-in-the-Middle (MitM) attacks.
- Mobile device OS, to prevent exploits such as advanced jailbreaking.
To ensure such prevention, SMBs need to make sure that at the very least they have:
- Protection against malware that infiltrates through an infected file, by viewing an infected website, and by opening an infected email attachment.
- Endpoint protection to prevent damage from attacks on laptops, mobile phones, tablets, Internet-of-things devices, and any other device that is wirelessly connected to the organization’s networks.
- Endpoint detection and response for continually monitoring and ensuring response and the mitigation of threats.
Step 3: implement best practices
Among the best practices that tend to be overlooked by SMBs but cannot be ignored are:
Internet gateways and firewalls to monitor incoming and outgoing traffic, blocking when needed as based on pre-defined rules.
Secure configurations, avoiding out-of-the-box set-ups that execute default passwords that are publicly known.
Software patching to ensure that the organization’s software is always up to date with the latest patches.
Ensuring that mobile phones and tablets are in-scope and are using operating systems that are supported by the manufacturer.
Access control by granting users access only to the resources and data they need for their day-to-day work.
Limiting administrator accounts that have special access privileges.
Selecting strong passwords, since weak passwords are one of the most common vulnerabilities exploited by cybercriminals.
Step 4: acquire SOC-level protection
Once you’ve got the basics down, if you really want to take your security game to the big league, then what you need to do is to find a way to get access to the advanced capabilities of a SOC (security operations center) for:
- Identifying and blocking a cyberattack . . . but without the need to acquire expensive technology
- Understanding and responding to threats effectively . . . but without the need to hire hard-to-find and expensive talent
- Managing the security operations . . . but without the need to outsource to expensive incident response service providers
And the way to make this all happen is with SOC as a Service, which serves as a central command and control for cybersecurity and delivers all the benefits of large enterprise-level security but without all the overhead.
With a cyber incident projected to occur every 11 seconds in 2021, it has never been more important to make sure that security operations are at peak performance, even when resources and budgets are limited.
And the key to doing so is to –
- Ensure awareness of every employee across the organizations
- Get coverage for the three primary attack vectors
- Implement best practices
- Gain access to the advanced capabilities of a SOC, but without the cost and overhead.
This is your best bet for staying ahead of cybercriminals, keeping your data assets protected, and ensuring a thriving operation in 2021 and beyond.