The Cyber Delusion Challenge For Small & Medium Businesses

Growing dangers around cyber threats in the current disruptive landscape are a real concern for SMBs. Cyber attacks against businesses doubled in 2021 compared to the previous year according to SiteLock, yet nearly half (48%) of SMB website owners still think they’re not big enough to be troubled by cyber threats.  
 
With mounting risks, education and training need to be properly explored in organisations. The right knowledge can help employees use IT efficiently and safely, and block threats at the door.

Creating A Solid Cyber Defence Strategy With The Right Training

Cybersecurity training allows SMBs to approach their security strategy cost-effectively. Employees will have the knowledge they need to spot attempted cyber attacks and to act defensively when accessing a business' systems.

Prevention is at the centre of cyber awareness programmes. According to the Cyber Security Breaches Survey 2022 produced by the UK Government, nearly four in ten (39%) UK businesses identified a cyber attack over the last 12 months, but only 8% of organisations have set up multifactor authentication and forced employees to change passwords since their most disruptive breach or attack of the last 12 months, in cases where breaches had material outcomes.

Taking steps towards preventative measures is vital, as it helps stop cyber attacks dead in their tracks.

When it comes to educating staff, and ensuring that the expertise to defend against bad actors is shared within teams, the advantages of cybersecurity training are endless. However, knowing how to implement it or where to start can be a challenge for SMBs.

What Main Areas Does Cybersecurity Awareness Training Need To Address?

Cybersecurity is no longer just about technology; it's also about people. In today's hybrid work landscape, SMBs need to empower employees to help reduce the business' attack surface, and implementing a cyber awareness programme is a quick way to achieve this. Such a programme provides a structured approach to managing human risk.

The first step to developing a mature cyber awareness programme is to evaluate human risks and how employees behave when using business systems. Once businesses understand their employees' cybersecurity behaviours, and the mounting ransomware threat, business leaders can better assess what systems to focus on to improve security and overall cyber resilience.

The second phase of implementing a mature cyber awareness programme is invoking change. SMBs must provide employees with the right know-how to identify and deal with cyberattacks or risk becoming the victim of what could be a crippling attack.

While there's no one-stop shop for achieving an educated workforce, it is a good idea to start with some of the basics, which include educating employees on phishing, the need for strong passwords, and encouraging software patching:

1.    Phishing – phishing is where a cybercriminal pretends to be someone else in an email to steal credentials and information from the organisation. To mitigate this risk, SMBs should educate employees on what to look for in an email, such as identifying the sender, reading the email thoroughly, and observing the link or attachment in the email before clicking or opening it. Whenever in doubt, employees should be encouraged to contact the email sender through a means other than email.

2.    Passwords – it's good practice for employees to use strong passwords. However, this is no longer sufficient to protect against modern cybercriminals. SMBs should be implementing multi-factor authentication, which improves security by combining employee passwords with one-time passcodes, biometrics or more. The vast majority of SaaS platforms (e.g. Microsoft 365, Google Workspace, Salesforce, etc.) offer this for free.

3.    Patching – software updates often address vulnerabilities in software. If left unpatched, organisations risk having attackers exploit these vulnerabilities to wreak havoc. Conducting patching regularly is a simple yet effective way to improve security.

With the increased sophistication of cybercrime tools, plus the worrying backdrop of cyber warfare in the current climate, SMBs need to consider their own cyber defence strategies keenly.

Unfortunately, there’s a reticence to invest in training, as it necessitates the setting aside of budget, but by keeping on top of it now and regularly checking online resources, alongside investing in training programmes, businesses can save a lot of money down the line.  

John Davis is Director UK & Ireland of SANS Institute EMEA
