The cybersecurity paradox for SMBs: High vulnerability, low resources

SMBs have limited security resources, making the answer to this question "I don't know" in many cases.

Small and medium-sized businesses (SMBs) are uniquely vulnerable to cybersecurity threats. Compared to larger enterprises, they have far fewer resources available for the increasingly complex tasks of monitoring, identifying and remediating a huge array of risks, from strong-encryption ransomware to distributed denial-of-service (DDoS) attacks. This shortfall kicks off a vicious cycle in which SMBs are often successfully breached and the resulting financial damages make adequate security implementations even more challenging to realize.

A 2018 survey of 1,000 SMBs by domain name provider GoDaddy highlighted this very trend, noting that half of them had suffered monetary losses from breaches and one-eighth reported a loss of $5,000 or more. At the same time, up to 40 percent rarely if ever checked for vulnerabilities, with some spending virtually nothing ($500 or less) each year on their security-related projects. Paired with the longstanding shortage of skilled security personnel – who can command considerable salaries given their current scarcity – this resource pressure puts SMBs in a pinch and requires creative solutions.

Roadmap for SMB cybersecurity success: 4 key practices

Cybersecurity isn't a destination – there's no point at which you can say you're "finished," as threats continually evolve and require ongoing attention. Our recipe for success takes this into account by emphasizing four key points that put SMBs on a sustainable trajectory:

1. Patch management

While far from a glamorous or enjoyable activity, patch management is nevertheless the foundation for security readiness. Outdated and unpatched operating systems, applications and services are magnets for cyberattackers, who exploit known vulnerabilities. Yet only 36 percent of SMBs reported regularly patching their software in a Federation of Small Businesses survey of U.K.-based organizations.

A patch management strategy ensures that anything in need of a security update is quickly identified, and that the update is applied once the patch itself has been verified and tested. Managed service providers (MSPs) can help streamline the patch management process as part of a larger offering that includes solutions such as network monitoring.

2. MSP security solutions

Indeed, in addition to patch management, an MSP might provide a range of services at a price point that SMBs themselves couldn't match with an in-house team. For example, an MSP partner could offer DDoS mitigation, firewalling, virtual private networks and content filtering. Moreover, all of these functions would be backed by 24/7/365 oversight.

Working with an MSP has the dual benefit of reducing the cost and complexity of cybersecurity management and freeing up limited SMB staff for other projects. Managed security means not having to choose between keeping critical systems safe and focusing on essential non-security efforts for the organization.

3. Employee training

Fending off security threats is about more than keeping outsiders at bay; it's also about making sure insiders aren't routinely making mistakes or abusing privileges. Internal risks run the gamut from reusing passwords for sensitive accounts to copying data to an external drive or cloud account that exists beyond the corporate firewall.

Addressing these challenges requires a mix of technical and procedural measures. The latter should include regular training sessions that educate users on security best practices (e.g., how to spot a phishing attempt) as well as the safe use of everyday applications like email, instant messaging and cloud-based storage.

4. Cyberinsurance

The cyberinsurance industry has grown in recent years as SMBs and enterprises have sought further recourse against the damaging effects of data breaches. Such insurance is valuable considering that these incidents can routinely cost six figures or more to recover from.

According to Aon, total premiums from cyberinsurance policies reached $1.84 billion in 2017, a 37 percent year-over-year increase. A cyberinsurance policy usually provides liability protection against the breach of sensitive information, making it a good investment at a time when SMBs must comply with what may be many regulatory frameworks while keeping their IT systems safe.

Implementing a cybersecurity roadmap at your SMB

Paramount can find the right personnel and technologies to turn your cybersecurity plans into reality, whether you need to flesh out a patch management strategy or get help in implementing new internal best practices. Contact our team today to learn more.