Cyberattacks occur regardless of the organizational size and there is always a risk as long as businesses are enabled by technology. Cisco’s 2018 SMB Cybersecurity Report found that 53% of mid-market companies in 26 countries experienced a breach. The digital world shares some creepy characteristics with the physical world, one of which is the abundance of people with bad dispositions. Hackers are in abundance who target vulnerabilities in household internet users and business establishments too. Regardless, not just large sized enterprises are prone to be attacked, small and medium-sized businesses, too, need be vigilant.
There are several misconceptions relating to cybersecurity and these account for the real reasons why SMEs are easy targets. For instance, 51% of small business leaders and 35% of employees just don’t think they’re a target for cybercrime, a recent Switchfast survey of more than 600 small business employees and 100 leaders found.
As a result, many are lacking in basic security hygiene – 66% of SMB employees and 44% of leaders connect to public Wi-Fi to work, 62% of employees and 44% of leaders use their work computers to access personal social media accounts, and 69% of employees and 76% of leaders do not protect their work email with multi-factor authentication. These reasons also what make the SMEs complacent.
As earlier mentioned, the size of the business is does not matter to the nefarious agents, this and not being serious about cybersecurity sums up the first reason why SMEs are responsible for data breaches. The following are other reasons –
Lack of or Poor Investment in Cybersecurity
Hackers are aware of the complacent nature of small businesses when it comes to cybersecurity. They understand that small businesses invest little-to-no money on improving their cybersecurity situation. Ultimately, it gives an easy opportunity for attackers to exploit.
SMEs Can Lead to Blue Chip Organizations
Larger organizations typically have a robust defense system that is difficult to compromise or breach. However, many larger organizations have systems interconnected with small or mid-size businesses.
SMEs are part of the economic value chain. Hackers have found an indirect path to hack/breach the most robust of defense systems found in large corporations; through SMBs. It’s not abnormal for SMBs to provide their products/services to larger organizations, hence forming the lower segment of the economic value chain. Because of this architecture, attackers now view SMBs as a weak link that allows them to easily penetrate the networks of large corps. When hackers compromise the security system of SMEs, penetrating into the defense systems of larger organizations become much easy.
SMEs are More Inclined to Pay Ransom
Since data breaches can often mean doom for small and medium-sized businesses, they are more vulnerable to ransomware attacks because they are highly likely to pay the ransom to save their data and their company from total collapse.
According to the Ponemon Institute, the average cost for small businesses to recuperate after being hacked is about $690,000 and, for middle-market companies, it hovers over $1 million. These costs represent a huge financial burden for SMBs. In fact, according to the U.S. National Cyber Security Alliance, 60% of small companies are unable to sustain their business for more than six months following a cyberattack.
Flexibility of working
Today, an increasing number of smaller companies have been adopting policies that allow employees to use their own devices in the office, and work from remote locations. When an employee accesses his/her computer on public WiFi, they simultaneously place company data at risk. Mobile devices, in particular, are breaking down security walls, as they provide a new gateway for hackers.
Nevertheless, a majority of businesses have confidence in their readiness. About 67% claim to be ‘somewhat prepared’ to deal with cyber incidents, and 87% were confident in the current security systems and protocols they have in place to prevent attacks. Such confidence conflicts somewhat with apparent widespread negligence in auditing systems for vulnerabilities.
Despite the risks posed from a cyber-attack and the concern that businesses have over their security practices, only 53% admitted to conducting a security audit on their system in the past three months, with 11% saying that they could not remember the last time they had done so.
Cybersecurity is a major concern for SMEs and if they fail to pay attention to this all-important aspect, then they are as good as sitting ducks. For small and medium-sized businesses, cyberattacks are a matter of ‘when,’ not ‘if’. Therefore, developing a cybersecurity plan beforehand ensures businesses are not scrambling to stay alive after hackers breach a sensitive server or database.