Vincent Weafer, chief technology officer of Corvus Insurance.
Today's business operations run in highly decentralized, cloud-enabled environments that offer agility and rapid scaling. With this, cyberattacks—particularly ransomware—are a more pervasive concern as the threat surface evolves and attackers' campaigns become more scalable and complex. The sophisticated nature of these attacks requires a level of security preparedness in which many small businesses have yet to invest. As a result, small and midsize businesses (SMBs) have become more attractive targets for threat actors. These SMBs may be seen as gateways to infiltrate the larger organizations whose services are used and are, therefore, more vulnerable to attacks, which can result in costly damages.
Key Developments In Ransomware
A recent report from our company reveals that the No. 1 type of attack SMBs faced in 2021 was ransomware. The second most common method of infiltration was through the use of stolen credentials. Attackers can steal your credentials via many different methods, including brute force attacks, leveraging reused passwords from previously hacked sites and more. The third most common attack genre was social attacks. This class includes phishing, business email compromise (BEC) and pretexting (the human equivalent of phishing). Each of these attack types and methods of entry is fundamentally changing the way businesses operate and make decisions. The report data also tells us that ransomware attacks will persist, with industries—such as professional services—experiencing increased ransomware costs.
The Dilemma For SMBs
There is a common misconception that SMBs don't take cybersecurity as seriously as larger organizations. But large organizations are often better equipped to mitigate attacks because they've already spent years enhancing their security frameworks. Larger enterprises often have access to more sophisticated technology and resources and can build much larger teams to monitor their networks. The primary reason enterprises have this advantage over SMBs comes down to one main factor: budget. In fact, only 8% of businesses with fewer than 50 employees have a dedicated budget for cybersecurity, and many of those organizations are still combining cybersecurity into their overall IT (or other technology departments') budget.
Not having a dedicated budget from the outset means that investing in security can become an ad hoc behavior, often forcing investments in security to be deprioritized during budgetary planning. If an organization is unable to allocate a budget toward security, the most crucial practices they'll still want to adopt are exercises to understand the impact of losing access to critical data. Conducting an assessment of internal and external readiness—either through tabletop exercises or leveraging external penetration (pen) testing—may help identify where you need to invest in moving the needle on high-priority risks.
Pragmatic Steps For Building A Cybersecurity Strategy
The importance of having access to an array of security resources is clear. There are a number of basic steps that any SMB can implement to help secure their systems, such as implementing two-factor authentication, installing software updates promptly so that vulnerabilities can be patched and working with your organization's third-party vendors to be sure that your systems are as secure as possible.
This is where cyber insurance can help. As insurers and managing general agents (MGAs) enforce requirements for stronger backups, there's been an overall downward trend in the cost and frequency of claims. The statistics are promising, but that still doesn't give organizations the green light to put security in the backseat.
Security controls can quickly become overwhelming. To mitigate this, SMBs should lean on third-party cybersecurity partners and cyber insurance response teams to stay informed of real-time security threats, alerts and actionable remediation guidance specific to their environment. These third-party support systems can greatly reduce the stresses of managing so many security tools and provide proactive strategies so organizations aren't overburdened by security alone. Taking these seemingly small steps toward building a stronger security program may actually make a substantial difference in maintaining a more effective and manageable cybersecurity operation.
Beyond the basics, SMBs could very well benefit from enlisting the security expertise of a chief information security officer (CISO). Data from our survey indicates that 72% of SMBs that need help with security improvements are companies that lack a CISO. However, it's not always practical for SMBs to bring on a CISO, at least in a traditional sense. So, organizations can take alternative routes to improve their security programs. One such option is retaining a virtual chief information security officer, or vCISO. A vCISO is similar to a traditional CISO; the main differentiator is that a vCISO plays more of a consulting role. Frequently, managed service providers (MSPs) offer vCISO services to help smaller organizations pursue their security goals.
Best Practices When Protecting Against Common Attacks
SMBs are very dynamic, and so are cyberattack campaigns, which means it is vital that all employees with access to the network are properly and regularly trained on security policies. That is also why it is critical that your cybersecurity policies are documented, well-communicated and are not shared via word of mouth or only kept by a few individuals. Planning guides are a good starting point for your company's security documents. Further, security leaders should prioritize regularly updating all new protocols, instituting internet use guidelines and establishing consequences for any violations of guidelines and cybersecurity policies.
A strong organizational security strategy also ensures that the correct security controls are in place to protect critical data assets. These will include email security—including spam and phishing protection—advanced endpoint security (not just antivirus), firewall and network protection and web security, among others.
Lastly, don't forget the human element. Regularly educate and train your employees on how to identify and avoid phishing or social engineering attacks. Ensure that they are using robust passwords and enforcing multifactor authentication for privileged and remote access to your network and data services. Organizations, no matter their size, should never consider themselves "done" with investing in their security posture. Maintaining good cyber hygiene and implementing security awareness training is a foundational starting point, but so is staying informed and up to date with the newest prevention technology and being on top of the newest trends in cyberattacks.
"It’s Time For SMBs To Protect Against Cyberattacks And Build Resiliency" has 1361 words and was posted on www.forbes.com on October 3, 2022.