The Cyber Delusion Challenge For Small & Medium Businesses

Growing dangers around cyber threats in the current disruptive landscape are a real concern for SMBs. Cyber attacks against businesses doubled in 2021 compared to the previous year according to SiteLock, yet nearly half (48%) of SMB website owners still think they’re not big enough to be troubled by cyber threats.  
 
With mounting risks, education and training need to be properly explored in organisations. The right knowledge can help employees use IT efficiently and safely, and block threats at the door.

Creating A Solid Cyber Defence Strategy With The Right Training

Cybersecurity training allows SMBs to approach their security strategy cost effectively. Employees will have the knowledge they need to spot attempted cyber attacks and ensure they're using defensive actions when accessing a business' systems.  

Prevention is at the centre of cyber awareness programmes. According to the Cyber Security Breaches Survey 2022 produced by the UK Government, nearly four in ten (39%) UK businesses identifying a cyber attack over the last 12 months, but only 8% of organisations have set up multifactor authentication and forced employees to change passwords since their most disruptive breach or attack of the last 12 months, in cases where breaches had material outcomes.

Taking steps towards preventative measures is vital, as it helps stop cyber attacks dead in their tracks.

When it comes to educating staff, and ensuring that the expertise to defend against bad actors is  shared within teams, the advantages of cybersecurity training are endless. However, knowing how to implement it or where to start can be a challenge for SMBs. 

What Main Areas Does Cybersecurity Awareness Training Need To Address?

Cybersecurity is no longer just about technology, it's also about people. In today's hybrid work landscape, SMBs need to empower employees to aid in reducing a business' attack surface for cybercriminals, this can be quickly achieved by implementing a cyber awareness programme. Implementing a cyber awareness programme into your business can provide a structured approach to managing human risk. 

The first step to developing a mature cyber awareness programme is to evaluate human risks and employee behaviour on how they are using business systems. Once businesses understand their employees' cybersecurity behaviours, and the mounting ransomware threat, business leaders can better assess what systems to focus on to improve security and overall cyber resilience. 

The second phase to implementing a mature cyber awareness programme is invoking change. SMBs must provide employees with the right know-how to identify and deal with cyberattacks or risk becoming the victim of what could be a crippling attack. 

While there's no one-stop-shop to achieving an educated workforce, it is a good idea to start with some of the basics, which includes educating employees on phishing, the need for strong passwords, and encouraging software patching: 

1.    Phishing – phishing is where a cybercriminal pretends to be someone else in an email to steal credentials and information from the organisation. To mitigate this risk, SMBs should educate employees on what to look for in an email, such as identifying the sender, reading the email thoroughly, and observing the link or attachment in the email before clicking or opening it. Whenever in doubt, employees should be encouraged to contact the email sending through another means, other than email.

2.    Passwords – it's good practice for employees to use strong passwords, however, this is no longer sufficient to protect against modern cybercriminals. SMBs should be implementing multi-factor authentication, which improves security by combining employee passwords with one-time passcodes, biometrics or more. The vast majority of SaaS platforms (i.e. Microsoft 365, Google Workspace, Salesforce, etc.) offer this for free.

3.    Patching – software updates often address vulnerabilities in software. If left unpatched, organisations risk having attackers exploit these vulnerabilities to wreak havoc. Conducting patching regularly is a simple yet effective way to improve security.

With increased sophiscation of cybercrime tools, plus the worrying backdrop of cyber warfare in the current climate, SMBs need to consider their own cyber defence strategies keenly.

Unfortunately, there’s a reticence to invest in training, as it necessitates the setting aside of budget, but by keeping on top of it now and regularly checking online resources, alongside investing in training programmes, businesses can save a lot of money down the line.  

John Davis is Director UK & Ireland of  SANS Institute EMEA

You Might Also Read:  

Most SMEs Do Not Provide Cyber Security Training

 

« Identity & Authentication For Mobile Users
Half Of Phishing Emails Target LinkedIn Accounts »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

GreyCampus

GreyCampus

GreyCampus is a leading provider of training for working professionals in the areas of Project Management, Big Data, Data Science, Service Management, Quality Management and Information Security.

Stage2Data

Stage2Data

Stage2Data is one of Canada’s most trusted cloud solution providers offering hosted Backup and Disaster Recovery Services.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

iSTORM

iSTORM

iStorm specialise in supporting organisations who require a range of Privacy, Security and Penetration testing related services.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

Sidcon International Consulting Company

Sidcon International Consulting Company

SIDCON International Consulting Company has been providing consulting services since 2002 for private and public organizations in Ukraine and other countries.

ZAG Technical Services

ZAG Technical Services

ZAG Technical Services is an award-winning information technology consulting firm delivering digital transformation solutions, IT assessments, managed services, security, and support.

Invisinet Technologies

Invisinet Technologies

Invisinet is a cybersecurity technology company specializing in innovative solutions that protect network infrastructure and critical assets from advanced threats.