Finding Funding to Battle SMB Security Threats

6 Comments

Reducing the risk of a Cyber Attack is quickly becoming job number one for those administering an SMB’s network infrastructure. After all, Cyber Attacks constitute one of the biggest threats to operations and those threats are growing in ferocity and frequency, something the typical SMB operator fails to comprehend.

Although the news is rife with the details of the latest cyber-attack, intrusion or malware infestations, SMBs, for the most part, feel that those are threats to only the largest of businesses, and that the typical SMB is protected simply by anonymity. In other words, cyber criminals will simply ignore SMBs, because they are unaware of the existence of those small and medium businesses.

Nothing could be further from the truth, the Verizon Data Breach Investigative Report reveals that SMBs are the top targets of cybercriminals and suffer breaches more often than larger firms. What’s more, the impact of a breach on an SMB proves more devastating, with a study from the National Cyber Security Alliance stating that some 60% of SMBs cease operations within six months of a data breach.

Obviously the stakes are high, yet many IT pros have trouble explaining the potential devastation that a cyber-attack can wreck upon the typical SMB. Perhaps the best place to start is with the identification of why SMBs have become so targeted by the nefarious denizens of the web. One of the reasons that SMBs prove to be ripe targets is that the way most SMBs deploy security tools, which are ill equipped to combat today’s advanced attacks. Many SMBs rely on traditional security products, such as anti-malware products and basic firewalls, thinking that those products offer adequate protection.

However, the truth is that those products are woefully inadequate when it comes to targeted attacks, insider threats or advanced persistent threats. The reason being is that those technologies rely on approaches such as signature files, URL blacklists and static policies to mitigate attacks.

The simple fact of the matter is that most cyber attackers are very rational in how they target systems. In other words, there are strong incentives fueling the attack, which range from the value of the data that can be obtained (credit card information, user accounts, and so forth) to the likelihood that an attack will go undetected for weeks, months, or even years, if ever. Simply put, most of the defenses deployed by SMBs today are designed to deal with known threats and cannot counter the zero day or blended threats that are becoming all too common.

A survey by the Poneman Institute further paints the picture of SMBs taking a naïve approach to cyber security, with some 60% that do not consider cyber-attacks to be a big risk to their organizations, while 44% don’t consider strong security to be a priority. It is those misplaced beliefs that pose the largest challenge for those looking to keep SMBs’ systems secure, making worthwhile security suggestions fall on deaf ears.

However, the purveyors of SMB security solutions do have a strong ally on their side, one that is hard to ignore, and that is the financial argument. An argument that purveys the concept of what the cost of doing nothing is. Extensive research has been conducted on that very element, which can be summarized as the high cost of suffering an attack. For the financial impacts of a cyber-attack, SMBs can turn to an interactive info-graphic from Towergate Insurance, which offers a visual representation of collected facts and numbers.

The Ponemon Institute further highlights the financial burden in an NSBA report that states the average cost of a cyber-attack was over $8000, a significant amount of money to the typical small business. However, that cost does not include intangibles, such as down time, loss of business, remediation and so forth, meaning that the actual cost to an SMB is possibly far greater.

When armed with the right facts, garnering budget dollars for better security solutions should become a much smoother process. After all the argument quickly becomes one of not being able to afford doing nothing.

 

 

6 Comments

WP India

Cyber attacks are rising day by day which requires immediate remedial action as the stakes are very high and IT companies are having trouble explaining the potential devastation because these attacks can go undetected for weeks, months and even years. Better security solutions are a must now for every company.

James Monachino

Often, most of the press is written describing large financial intuitions which were hacked. Unfortunately, it is the small to mid-size firms who are getting squeezed by cybercrime.

What to do?
— Industry solutions and formulas are many; costly, and often only offer limited protection.
— Government recommendations are usually long winded, detailed, and again offering limited success.
— Doing nothing is like playing Russian roulette with one bullet in a multi round chamber, eventually that bullet will roll out of the barrel.

Recommended Action:
–Talk to folks you know in your business and ask for recommendations.
–Talk to the cybersecurity vendors and ask for a list of services they provide and how the services would protect your business.
–If possible, have your business scored by a 3rd party vendor to determine digital vulnerabilities.

Bob Nelson

From talking with a range of SMBs about their cybersecurity defenses, the issue is not that they think there is no problem as they read about cyber attacks every day. The problem is they don’t have the people or financial resources to buy and maintain the existing cyber services in the marketplace. When they come across solutions that are designed with the ease of use, accuracy, and pricing required by SMBs (Atomicorp and NetWatcher are just 2 examples), they will gladly buy.

Michael Halley

This is a reason HEMISPHERE has created a very cost effective solution for SMBs that improves a SMB cyber risk profile and offsets the cost through lowered insurance premiums.

Comments are closed.