Cybercrime knows no boundaries. While much attention goes to mega-breaches of large corporations, smaller businesses must also urgently bolster their cyberdefenses.
Luckily, just as fast as the cyberthreat landscape changes, cost-effective and customizable security solutions hit the market — or updated products become available — to help small to midsized businesses stay safe.
But it’s worrisome that some SMBs aren’t heeding the warnings and continue to think their small size will somehow keep them flying under hackers’ radar.
In PwC’s 2015 Global State of Information Security Survey, researchers found that small firms, with annual revenues of less than $100 million, cut security spending by 20 percent in 2014. Conversely, medium-sized firms, with revenues of $100 million to $999 million — and large companies — increased security investments by 5 percent.
These numbers are alarming, because it’s generally accepted today that cybercriminal activity is growing across segments, geographies and business sizes.
Small Business Security Risk Factors
In fact, small businesses were specifically targeted in large numbers just recently. Major credit card companies in the U.S. required retailers to upgrade their point-of-sale terminals to support EMV chip cards by October 2015, and some hackers apparently heard that deadline as a starting gun.
POS terminals have historically been targeted by malware, but at the end of 2015 (coinciding with the EMV deadline) POS malware detection rose nearly 66 percent, according to TrendMicro’s 2015 Security Roundup report.
Where the Security Battle Lines Have Been Drawn
Alarming statistics aside, the sky isn’t falling for small businesses. Large organizations still tend to identify more incidents each year than small ones do. PwC also found that respondents from large businesses detected 31 times more incidents than small companies in 2015.
But regardless of the ebb and flow of cyber risks, the battle for data and network security for SMBs begins with risk assessments, employee training and the latest software solutions.
With tight budgets and small IT teams, some small businesses choose to contract with security companies for threat intelligence services that collect information about new attacks and send updates so security managers can initiate proactive defenses, among other benefits.
Many SMBs outsource cybersecurity to managed services providers to make up for a lack of time and in-house expertise. In Webroot’s 2015 SMB Threat Report, 81 percent of respondents agreed (and an additional 53 percent agreed somewhat) that outsourcing would provide them the bandwidth to address other tasks.
Developing a Smart Defense Plan
Small companies have never been immune from cybersecurity threats. But this year will likely see attackers focus particular attention on smaller firms, security experts say. The reason: Despite their size, SMBs contain a trove of valuable data, such as intellectual property, personal information about customers, bank account numbers and credit card data.
For SMBs to stay safe, their security tactics must become part of a broader end-to-end approach to security — a total lifecycle security mentality, if you will. It’s a necessity for everyone because enabling a sufficiently secure business is a journey that never ends.