continuing at a relentless pace, with the vast majority of data
breaches coming from outside the
organization.
Some believe hackers are aggressively targeting these smaller
firms because they believe SMBs lack adequate resources and
enterprise-grade security tools, making them easier prey than
larger businesses.
A new report from Cisco, however, challenges this assumption.
SMBs have made significant strides[2] in enhancing their security
protocols and are closing the gap with their bigger counterparts.
The report notes 87 percent of SMB business owners rank security a
top priority, and more than 99 percent have a dedicated resource
focusing on security.
SMBs are also becoming more diligent about defining metrics to
assess their security effectiveness and implementing security
controls and tools at rates similar to large enterprises.
No doubt, the emergence of security solutions developed
specifically for SMBs is supporting this trend. Security tech
providers are now offering affordable tools that cover multiple
attack vectors, making it easier and more cost-effective for SMBs
to improve their defenses.
Reason Cybersecurity[3], for example, includes real-time protection
capabilities alongside its anti-virus, anti-ransomware, and
anti-malware functionalities. It also prevents unauthorized
applications from accessing communications peripherals like webcams
and microphones, often used by hackers to spy on team members and
steal sensitive information remotely.
cybersecurity solutions among SMBs are certainly positive
developments. With enterprise-style protection now available to
organizations of any size, the threat can be dramatically
minimized.
Yet even with improved technology to reduce threats, the human
factor[4] is still a significant
concern; one single misstep by an employee can cause a breach that
leads to a major security incident. To achieve a truly effective
security posture, SMBs must put systems in place to minimize human
error that can turn an unintentional mistake into a security
disaster.
The Psychology of Human Error
The reality is this: Humans make mistakes. A Tessian study found
that 88 percent of data
breaches can be linked to human error. That doesn’t necessarily
mean that humans are the “weak link” in your organization’s
security, but it is important to understand how and why they make
these all-too-human errors. As Tessian points out, employees have
psychological reactions to stimuli and judgment that make them
likely to commit errors and be susceptible to manipulation.
Hackers use social engineering attacks[6] like phishing to take
advantage of these human tendencies, cleverly manipulating users
into giving up sensitive information or downloading and running
malware on their work devices.
Hackers carefully disguise these phishing emails to circumvent
security measures like spam filters, with requests for sensitive
data or access often appearing to come from a trusted colleague.
Because we have little resistance to following our colleagues’
requests, it’s quite possible for a normally security-savvy team
member to click on a malicious link or send sensitive
information.
Those seemingly innocent clicks make ransomware a growing
threat, too; take the recent
cyberattack[7] that successfully
disrupted Garmin Connect, flyGarmin, and Garmin Pilot, resulting in
days-long outages. Garmin reportedly paid the multimillion-dollar
ransom[8] to restore functionality
across their network of users.
Massive attacks like these are the ones that get media mileage,
yet SMBs are not immune. Almost half (46 percent) of SMBs have been
targeted by ransomware, and nearly three out of four victims have
paid a ransom to restore control of their systems.
Addressing the Issue
Clearly, there’s a critical need to adopt technical solutions that
protect vulnerable areas where humans interact with possible risks.
For example, installing security solutions on each workstation –
especially now with so much of the world’s business being done
remotely – can protect against attacks that could occur over the
course of a typical workday.
Moreover, the human element must be taken into account when
assessing any security strategy. Staff education and training are
crucial. Team members must know how to use the organization’s tech
resources securely and properly.
At the same time, they must be able to recognize social
engineering attacks or dubious networks and devices. Continuous
real-time training can help develop this security-first
mindset.
Just as SMBs can now access enterprise-strength security
solutions, they can also take advantage of security apps and
services that minimize human input into certain tasks. For example,
many businesses still process card payments manually and store the
information insecurely, leaving them exposed to data breaches.
A simple solution is to use a trusted third-party payment
processor that allows customers to securely pay for orders and
invoices without requiring human staff to access and handle
customer financial data.
Businesses should also look for ways to maximize the
capabilities of their existing security solutions. Reason for
Business, for instance, provides developer tools that allow users
to integrate their security solution across the organization’s
other apps.
features into their own applications that filter spam, suspicious
URLs, and potential attacks across the board. Their real-time
alerts and notifications make it easy to keep IT teams informed and
communicate quickly when security concerns arise.
Committing to Improvement
Cyberattacks are part of today’s business landscape; they are a threat
as real as fire, theft, or any other possible loss. Regardless of
their size, businesses are more focused than ever on making
cybersecurity a priority for their organizations. This improvement
in mindset – especially among SMBs – is noteworthy. The
availability of affordable tech solutions should enable more SMBs
to secure their infrastructure.
Beyond these measures, SMBs must be more vigilant about managing
the human element of security. Simple human error continues to
present a very real risk.
Training, automation, and using solutions that cover previous
security blind spots will help develop that critical security-first
mindset.
References
[1] coming from outside the organization (enterprise.verizon.com)
[2] made significant strides (www.cisco.com)
[3] Reason Cybersecurity (www.reasonsecurity.com)
[4] human factor (thehackernews.com)
[5] 88 percent of data breaches (www.tessian.com)
[6] social engineering attacks (www.imperva.com)
[7] the recent cyberattack (thehackernews.com)
[8] multimillion-dollar ransom (www.theverge.com)


