SMEs Risk Costs Of Up To $2.5m Following A Breach

No matter the size, every entity is now at risk of cyber-attacks, whether through supply chain security lapses, phishing campaigns, or via insider attacks and weaknesses in their own networks.

However, small and mid-market companies have become a lucrative and attractive prospect for cybercriminals. These organisations will often have smaller cybersecurity budgets and may not be able to afford or have hired a chief security officer (CSO) or in-house security team able to take on rapid response duties.

We hear that security is only as strong as the weakest link. It is often employees which fill this niche, but in the overall threat landscape, SMBs can also become a springboard for attacks on larger enterprise companies. According to Cisco's SMB Cybersecurity Report, released on Wednesday 26th September, 53 percent of midmarket companies have experienced a data breach.

Recovering from these attacks can be both damaging and costly. It is not only damage to networks which must be repaired, third-party cyber-forensics teams are often hired, regulators may have to be notified and fines may be imposed, staff training may have to take place, and the victim organization may also pay in terms of their reputation and future business prospects.
The report, which includes 1816 survey respondents across 26 countries and also draws upon results from Cisco's 2018 Security Capabilities Benchmark Study, suggests that 29 percent of SMBs will pay under $100,000 after a data breach. 
However, 20 percent say that the same incident will cost them between $1,000,000 and $2,499,999 to resolve.

In total, 40 percent of SMBs will experience an average of eight hours or more in system downtime due to a data breach; a similar time frame to large enterprise players.

"The difference, though, is that larger organizations tend to be more resilient than small/midmarket businesses following an attack because they have more resources for response and recovery," Cisco notes.

The core systems of SMBs are more likely to be interconnected and tightly woven together as smaller firms do not necessarily need multiple systems spread over different locations. This may cost less to maintain, but when it comes to damage caused by a cyberattack, this is no advantage. 39 percent of respondents said that at least half of their systems have been impacted by a severe data breach in the last year.

When asked about the biggest security challenges they face, small and medium-sized businesses reported targeted attacks such as spear phishing campaigns, advanced persistent threats (APTs), ransomware infections, and Distributed Denial-of-Service (DDoS) attacks as the most concerning prospects.

However, organisations should not ignore the threat of insider attacks. A recent investigation by the tech giant suggests that 0.5 percent of employees conduct suspicious activities while on duty. This does not seem high, but this does translate to at least two employees at a company 400-strong which could undermine entire security structures and defenses with the click of a button.

In response to such threats, many SMEs are turning to cloud solutions to bolster their security. In 2014, roughly half of small to mid-sized businesses said they utilized cloud services; this figure is now closer to 70 percent and adoption is still on the rise.

"Incremental change is better than no change," Cisco says. "In short, they should not let a desire to be "perfect" in their security approach get in the way of becoming "better." Perfect, as in all things, does not exist."

"Small/midmarket businesses also must understand that there is no "silver bullet" technology solution to solve all of their cybersecurity challenges," the company added. "The threat landscape is too complex and dynamic. The attack surface is always expanding and changing. And, in response, security technologies and strategies must continually evolve as well."

ZDNet

You Might Also Read: 

What Every Small Business Should Know About Hackers & Cybersecurity:

 

 

« UK Newspaper Industry Demands Levy On Tech Firms
Machine Learning Algorithms & Police Decision-Making »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Synology

Synology

Synology provides high-performance, reliable, and secure Network Attached Storage (NAS) products.

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

Bit4id

Bit4id

Bit4id provides software and systems for security and identification based on PKI technology.

Secure-NOK

Secure-NOK

Secure-NOK provides products and solutions that detect and remove security attacks and harmful events in industrial networks and control systems.

EmergIn Risk

EmergIn Risk

EmergIn Risk specializes in providing innovative insurance solutions for the global marketplace including solutions for complex Cyber Risks.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Allthenticate

Allthenticate

Allthenticate Single Device Authentication (SDA), enables seamless authentication in both the physical and digital words while unifying management in one easy-to-use interface.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

Purple Knight

Purple Knight

Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts.

Wavenet

Wavenet

Wavenet has grown from simple beginnings to become one of the UK’s market leaders in unified communications, business telephony, and Cyber Security solutions.

Labaton Sucharow

Labaton Sucharow

Standing on the horizon of law and technology, our Cybersecurity and Data Privacy Practice helps to protect consumers who have been harmed by businesses’ failures to safeguard their customers' data.

HWG

HWG

HWG is a company specialized in providing cyber security solutions and consulting services.

Aardwolf Security

Aardwolf Security

Aardwolf Security specialise in penetration testing to the highest standards set out by OWASP. We ensure complete client satisfaction and aftercare.

ClearSale (CLSA3)

ClearSale (CLSA3)

Clearsale’s innovative fraud solutions combine advanced technology with a passionate team of seasoned experts that understand every client’s unique needs.