When the threat of cyber attacks first came to public attention, nearly everyone focused on cybersecurity for large companies. However, year-to-date, 58 percent of malware attack victims are categorized as Small and Medium Enterprises (SMEs). While we have already set you up with a guide to budgeting for cybersecurity in 2019, we will now take you through a guide of essentials for cybersecurity for SMEs.
Statistics Every SME Should Know
Aside from 58 percent of malware attack victims being SMEs, there are additional statistics every SME should be aware of to truly realize the importance of cybersecurity. In 2017, cyber attacks cost SMEs an average of $2.2 million. Average malware-related costs for SMEs included over $1 million due to damage or theft of IT assets, and just under $1.2 million due to disruption in normal business operations.
How are these attacks delivered? Over 92 percent of malware is delivered via email; relying on uneducated employees to click on malicious links or attachments. It’s estimated that each user at an SME receives nine malicious emails per month and it only takes one click for your SME to become compromised.
Throughout the year, we have also seen an increase in fileless malware. Approximately 35 percent of malware attacks have been fileless. Because fileless malware techniques replace the need for dropping malicious executable files on disk, traditional security solutions such as antivirus programs can’t detect them. With no file to scan, there’s nothing antivirus can do – thus, making them extremely successful.
Lastly, 60 percent of SMEs say attacks are becoming more severe and more sophisticated. This statistic is supported by the fact that we can see the increasing average cost of an attack and the rise of more sophisticated techniques such as fileless malware.
Cybersecurity Essentials for SMEs
Hackers have been relying on the theory that SMEs do not spend seriously on ensuring their cybersecurity strategy protects them against the latest threats. Due to budgetary constraints, this theory often holds true. While we are in no way saying that SMEs need to have the cybersecurity budget of a large enterprise, we are emphasizing that SMEs need to continually monitor their cybersecurity controls and reassess them on an ongoing basis. For example, what worked to protect your company a year ago may no longer even be the minimum requirement given the scale of growth.
Due to the growing regulatory pressures on large enterprises for cybersecurity, many are now requiring equal cybersecurity and data security norms for their vendors. A large portion of such vendors are in the SME segment meaning; if you want to secure that next large contract, cybersecurity may be the difference between signing on the dotted line or not.
So, what can you do to ensure your cybersecurity passes the test? While it’s up to your individual business to select vendors you feel protect your business most effectively, we can offer tips your business can start with to sure up your cybersecurity landscape.
- Create an organizational culture around cybersecurity – especially true with SMEs, more and more employees have the option to work remotely; whether that be full-time or simply having access to company files and applications on their laptops or smartphones. These devices often don’t have the cybersecurity applications in place as opposed to desktops in the office. Start by requiring all employees to report all devices they use to access work-related information and ensure that these devices are also secure. While this can be an arduous process, it could be your saving grace from incurring a cyber attack. Furthermore, it can also help identify where a cyber attack began if you become compromised.
- Restricted access to processes and products – Because SMEs work with a smaller number of employees, restricted access is normally not a protocol. This creates more vulnerability for zero-day attacks. Zero-day attacks are unknown until the business or product has been lost. However, with increased penetration of AI and machine learning, predictive cybersecurity is now an option.
- Make investments in cybersecurity a priority – If you need help on where to start with budgeting for cybersecurity, click here. Instead of thinking about spending on cybersecurity as a preventative measure, think about it as a competitive advantage. While we certainly don’t wish a cyber attack on anyone, if your competitor suffers an attack, it’s going to drive customers away from them and to your business. If you make that extra investment and have ample cybersecurity measures in place, it could be your competitive advantage.
- Educate, educate, educate – Did we say educate? Along with the investment in cybersecurity measures, make an extra investment in educating your employees on safe cybersecurity practices. What should they do when they receive an email that includes a suspicious attachment? What should they do if they receive an email from the CEO requesting to wire an abnormal amount to a vendor? Remember, 92 percent of malware is delivered via email – making your employees the key to effective cybersecurity.
Look at the business next door. Over the next year, one of you is extremely likely to suffer a cyber attack. Create an organizational culture around cybersecurity; restrict access to processes and products; invest in your cybersecurity; educate, educate, educate your employees; and make sure you’re not a member of the 58 percent.
Photo courtesy of PYMNTS.com