With the ever-evolving and highly sophisticated cyber threat landscape, online security for SMBs is no longer an option, it’s a necessity. Hackers and other threat actors are becoming more savvy and inventing new ways to attack large and small businesses alike. And IT professionals face an even greater challenge to keep ahead as we emerge from the pandemic that forced businesses to move their operations to a hybrid or remote work model. Why? The sticky plaster infrastructures that many businesses swiftly put in place to facilitate home working in the first lockdown were not intended to last over an extended period of time. Too often, they are significantly less secure than office environments leaving a business exposed to security threats.
The UK government’s 2021 Cyber Security Breaches Survey highlights how COVID has made cyber security harder, reporting that 47% of businesses have staff using personal devices for work and only 23% covering home working in a security policy. Now, with hybrid work here to stay for the foreseeable future, businesses of all sizes must reevaluate their priorities and ensure that security is at the forefront of business planning.
Ransomware and automated attacks are on the rise
Currently, ransomware is one of the biggest security fears for organisations, and one that should not be underestimated by smaller enterprises. Earlier this year, the Acronis Cyber Threats Report highlighted this as one of the top priorities for any business reassessing its security set-up.
Not only is ransomware becoming more prevalent, with the number of attacks nearly doubling between 2020 and 2021, but it is also becoming increasingly costly. In fact, Sophos’ State of Ransomware Report 2021 found that the average cost for ransomware recovery had skyrocketed from $761,106 in 2020 to $1.85 million in 2021. The problem with these forms of attack is that the ransom is only a small part of the true cost. Not only is there business downtime, lost orders and operational costs to account for, but the loss of customer trust is immeasurable, especially for SMBs.
Acronis also flagged the rise of automation in cyber attacks. As much as the IT world is currently turning to automation to improve operations, cybercriminals are using automated techniques to design and launch cyber attacks. Hackers are now opting to utilise bots and other sophisticated tools to find and exploit vulnerabilities in organisations. As these attacks require little to no human intervention, they are incredibly efficient and can have devastating consequences.
Automated attacks seek to overwhelm or breach an organisation’s defences and can often feel like a daunting task to overcome, especially for smaller businesses that may not have a dedicated IT security department. However, taking advantage of advances in automation and updating tools and procedures in line with the latest technology can help protect against ransomware and automated attacks.
Declining cyber health and hygiene
In 2020, as a huge portion of the UK workforce retreated to the safety of their homes, business cyber health took a big hit. Effective cyber hygiene practices simply require good daily security routines for employees that help mitigate against the most common risks. However, these routines are considerably harder to enforce remotely. Not only are home-working networks less secure than offices, but there is less monitoring of employees’ work habits, meaning bad choices such as poor passwords and failure to back up data are much more common.
Cybercriminals have been quick to take advantage of the sub-par conditions of home working and so organisations should be quick to implement robust, long-term, security measures and educate all employees on the importance of good cyber hygiene.
Managed Service Providers
In the current environment, managed service providers (MSPs) are becoming an increasingly popular solution for businesses of all sizes. By choosing a suitable MSP, organisations can gain access to the very latest security services and also significantly reduce overhead security costs. A recent study by Kaspersky found that approximately 70% of organisations have reported plans to outsource security to an MSP during the next 12 months.
Choosing an MSP is not a decision that should be taken lightly. Picking the wrong one, that does not provide the right type of security, can leave businesses dangerously exposed. As more SMBs begin to outsource their IT needs to MSPs, they are also beginning to attract the attention of hackers. By breaching just one MSP, threat actors can gain access to the data of numerous SMBs.
When outsourcing IT requirements, it’s vital that businesses thoroughly research that their chosen MSP can provide flexibility, clear SLAs, but most importantly that they have robust security features in place. The right choice of MSP can provide multiple layers of advanced security for even the smallest business, offering the highest level of protection from both insider and outsider threats.