Cybercrooks just love going after small and medium-sized businesses since they are more vulnerable to cyberattacks than large organizations that have cybersecurity teams and top-notch security solutions in place. Not only are those smaller organizations more vulnerable, but attacking them also does not require sophisticated tactics or tools: a simple botnet, a RaaS (Ransomware as a Service) toolkit or a phishing kit can already do the trick. Let’s have a closer look at the three main issues that make SMBs so attractive for cybercrooks.
- To start with the obvious, companies of all sizes need to purchase multiple security systems to protect key entry points, hire security professionals and use managed security services. For small and medium-sized companies, this is a substantial investment which puts a strain on the company’s cybersecurity budget. Apart from the extra man hours, this also entails purchasing additional security solutions. Although the majority of the IT managers and security managers of SMEs/SMBs increased their security budgets and efforts in 2017, less than half believe that their organization is protected against cyberattacks. This is a major worry, since 60% of SMBs that were victims of cyberattacks never recovered from the attack and had to close down within 6 months after the attack.
- The average SMB has 2-3 IT employees dealing with cybersecurity amongst their many other tasks. To stay up to date, they need ongoing security education and threat awareness training. This includes being aware of the latest regulations (e.g., GDPR) as well as the latest attack vectors that cybercrooks use. They need to be on top of the latest threats and the best ways to mitigate and respond to them. This is easier said than done: a small or medium-sized enterprise with limited resources does not have the luxury of sending its staff to conferences, courses or other educational training programs that drain its budget.
- SMEs/SMBs often have direct or indirect business connections with larger enterprises, making them the ideal gateway for cybercrooks after larger pickings. To illustrate: the cybercriminals behind the breach of Target’s systems in November 2013 gained access by penetrating the network of the small business that Target used for heating and air conditioning services. The pickings? The theft of personal information of 70 million individuals.
But it is not all gloom and doom for SMEs and SMBs. Since they are more agile than their big counterparts, they are more flexible in choosing tools to help them. They seek solutions that match their size and needs, which might be different from the ones used by large organizations. Small and medium-sized companies with small IT teams often turn to autonomous systems (e.g., a BAS platform) and Managed Security Service Providers to help them not only detect but also mitigate security threats.
For organizations of all sizes, testing their security posture regularly is essential. Cymulate’s Breach & Attack Simulation (BAS) platform is a great tool for cybersecurity and IT managers to help them detect and mitigate vulnerabilities. The platform simulates cyberattacks against the organization and validates whether its security products are working properly to defend against known and unknown cyber threats.