No matter the size, every business today faces cybersecurity threats. While cyberattacks against large companies grab bigger headlines, small businesses are even more susceptible because they typically have fewer resources dedicated to protecting against these threats.
The volume, scope and cost of cybercrime continues to escalate, with studies predicting that it will cost the world $6 trillion annually by 2021. The number of attacks, including phishing, advanced malware, zero-day and ransomware attacks is escalating rapidly. A recent study indicated that 67% of small businesses experienced a cyberattack, and another 58% experienced a data breach in 2018—which is staggering when you consider that the average cost of a data breach globally is $3.86 million, a 6.4% increase from a 2017 report. The simple truth is no organization of any size can afford to be unprepared. Today’s small businesses need security solutions that don’t bust their budgets or stretch IT staff to the point of being ineffective. They need security solutions that can be customized to protect their specific IT environment against attacks on the network, in the cloud, and at every connected endpoint.
The State of Cybersecurity for Small Businesses: Increased Risk, Limited Resources
In today’s threat landscape, small businesses are uniquely vulnerable to cybersecurity threats. Unlike larger enterprises, they face resource constraints for the complex tasks of monitoring, identifying and remediating an increasing variety of risks— from strong encryption ransomware and malware to distributed denial-of-service (DDoS) attacks and crypto mining threats. And while they may have a smaller attack surface, small businesses are just as vulnerable as a major enterprise.
Not only are small businesses growing as the favored targets for ransomware attacks, they are frequently also the most impacted. A study that surveyed 1,816 small business respondents across 26 countries to understand their security risks found that 53% of the respondents had already experienced a breach. These data breaches frequently had a significant financial impact on the company, including lost revenue, customers, and opportunities. The study also revealed that targeted attacks against employees such as phishing (79%), advanced persistent threats (77%), ransomware (77%), DDoS attacks (75%), and proliferation of BYOD (74%) were the top five security concerns for small businesses.
While most small businesses are aware of the growing severity and scale of these cyber threats, many are still grappling to find the right solutions and strategies to help them keep these threats in check. In another recent survey, a shocking 1/3 of small businesses stated they have no safeguards in place to stop a cybersecurity breach. And while 97% of advanced malware takes advantage of Domain Name System (DNS) blind spots to launch their attacks, most small businesses do not have the resources or capabilities to monitor DNS traffic for malicious internet connections.
Small businesses are finally recognizing that traditional, i.e., “dated” security solutions will no longer protect their data, or the data of their customers. Creating robust firewalls, building VPNs, ensuring up-to-date anti-virus software and malware detection is a start, but it’s not enough. Small businesses need to reimagine how security is delivered so it can proactively defend every endpoint in the network, as well as all the data that travels across the network by any means.
Rethinking Security in the Digital Age
Businesses today are rapidly embracing digital transformation initiatives and deploying new technologies to remain competitive and gain market share. While the integration of business systems, technologies and operations can enable smarter data-driven decision-making and generate valuable customer insights, it can also pose new security challenges by accelerating the speed and damage of attacks across highly connected enterprise networks.
Managing these new technologies is a growing challenge for small businesses already struggling to keep pace with existing business needs, increased competition, and compliance requirements.
It used to be that companies took a straightforward approach toward protecting data based around securing the entire network and all the user activity that passed through it. Today, things are dramatically different. The explosion of mobile, cloud, Bring Your Own Device (BYOD) policies, as well as the Internet of Things (IoT) present mounting challenges on every front from a security perspective. Controlling large volumes of data on multiple devices is an especially difficult challenge, since so much of that data now originates outside the company network.
To complicate matters even more, unstructured data – such as emails, documents, videos, photos, and presentations – is increasing exponentially as more devices become mainstream. This data is some of the most difficult to protect.