Building IT security resilience in your SME

August 18, 2022

Without exaggerating or being alarmist, CyberSecurity is a critical concern for SMBs today. Not convinced? Well, the statistics speak more or less for themselves and make for interesting reading.

A UK-based SMB gets hacked every 19 seconds, and 74% of SMBs have fallen victim to a security breach. The average cost of a small business data breach also rose from £115,000 to £310,800.

And the reality is that, without robust and mature CyberSecurity, your business is incredibly vulnerable to various cyber threats. There are a variety of them out there, including:

  • Ransomware, which can lead to the loss of valuable data, IP (intellectual property), or a disruption in operations.
  • Data breaches and data theft via techniques like Phishing, which can cause reputational and financial harm through sensitive data leaks or extortion.
  • DDoS (Distributed Denial of Service) attacks, which can cripple service delivery, resulting in missed opportunities, and can also be used as leverage for extortion.

At the same time, it’s also becoming increasingly important to comply with data privacy and protection regulations which have a data security component. Failing to do so can lead to stiff fines or leave your business open to legal action should an attack affect your customers.

So having a CyberSecurity plan for all of this really matters for your SME.

Why does CyberSecurity matter more than ever post-pandemic?

An increase in the level of Cloud adoption and other disruptive technologies was already inevitable and happening before COVID-19.

By the end of 2021, 67% of all business infrastructure was cloud-based. Spending on cloud infrastructure rose from $130 billion in 2020 to $178 billion in 2021. And there’s still plenty of room to grow. By 2030, some estimate that the cloud computing market will be worth over $1.5 trillion.

However, the pandemic with its stay-at-home policies and restrictions on the ability to travel significantly accelerated the timeline. And that has continued post-pandemic with many businesses moving to a hybrid working model that is powered by Cloud-based products. In fact, fully embracing the benefits of the Cloud is key to competitive success for most SMEs today.

And the cybercriminals know this, which is why they are upping their efforts to target smaller businesses. While the rest of the world came to a standstill, cybercriminals set new records in terms of the number of attacks, the variety of tactics, the malware deployed and the financial damage caused.

In 2021 alone, cyberattacks soared by 150% relative to the previous year. While there has been a dip since then, activity levels are still well above pre-pandemic levels.

The dangers of complacency and “alert fatigue” can be costly

Today, we’re inundated by news of different types of high-profile Cyber Attacks. Not to mention the continuous calls for improved CyberSecurity and data protection from the public, business partners and governments.

All of this can be overwhelming, particularly for SMEs who already have their hands full struggling to manage the after-effects of the pandemic and new challenges like the cost of living crisis. At times, the constant pressure from CyberSecurity alerts can feel like just more noise. In fact, 39% of business owners say they feel overwhelmed by the number of alerts they receive, and even 70% of security teams feel emotionally overwhelmed by security alert volumes.

According to a study by Arctic Wolf, this leads 55% of owners to deprioritize CyberSecurity concerns. However, the reality is that this can be a false economy, with as many as 60% of SMEs shutting down permanently just six months after experiencing a data breach.

The red flag around not investing and upgrading legacy infrastructure

Plenty has been said about the CyberSecurity risks of adopting new technologies. However, legacy systems are very often just as big an issue. We see four key issues with them, as follows:

  • Firstly, many legacy systems are built on monolithic technical architectures which can represent a single point of failure. With all your business or data eggs in one basket, any security breach or physical disaster in these circumstances can be catastrophic.
  • Secondly, legacy and Cloud systems are becoming increasingly interconnected. And, more and more, capabilities are moving to the Cloud. For example, it’s estimated that the average employee in 2022 will use 30+ cloud services daily. As the technology surrounding legacy systems advances, the risk of incompatibilities only increases, and hackers are always on the lookout for these incompatibilities because they can easily be exploited to initiate a cyberattack.
  • Thirdly, legacy systems were only designed to withstand the main security concerns at the time of development. As time goes on, the variety and types of threats continue to grow. Because of their inflexible architectures and a lack of development, they are becoming increasingly susceptible to a broader range of Cyber Threats like a small business data breach. Without modern architectures that are modular and easy to update, it’s also harder to implement additional security layers as new threats arise.
  • And lastly, the longer a legacy system is in use without being officially decommissioned, the bigger the chance it has of becoming orphaned. That means that the hardware or software is still around and may even have a certain amount of system access. However, no one is officially managing or overseeing these systems, which makes them an easier target for Cyber Attackers and can allow them to gain a foothold in your business for a long period without being detected.

How are SMEs waking up to the changing IT security environment?

Clearly, SMBs – like most sections of the business population – are facing unprecedented threats to their CyberSecurity. However, with limited resources, they also have to be smart about how they build up their CyberSecurity readiness and develop Cyber Security solutions for their small business.

This has 2 main implications:

  • First of all, that means having the necessary expert planning in place. This is a pre-requisite for developing a structured, cost-effective but risk-appropriate CyberSecurity strategy.
  • Secondly, it means investing adequately in your workforce by providing them with the knowledge, resources and CyberSecurity awareness training to handle the overwhelming number of security threats they are facing daily.

In an ideal world, businesses would handle all of their CyberSecurity in-house. However, this is not feasible from a financial or managerial standpoint for most SMEs. The sheer complexity and volume of threats being faced, combined with the technical expertise needed, make it a cost that most SMEs simply can’t carry in-house.

Instead, working with a third-party IT support provider that specializes in CyberSecurity for SMEs can be the answer. A trusted provider like this can work as a CyberSecurity partner and provide you with the advice, experience and expertise to develop a workable security strategy based on your needs. This can also potentially be part of a wider, fully Managed IT support based approach, which makes all of it more cost-effective for your business all round.

This type of provider will have an expert team of IT specialists that are experienced in working with other SMEs to help them solve the same type of CyberSecurity issues you are facing. And you can tap into this expertise to protect your own business and get the peace of mind you need that your systems are safe and secure for your employees, your customers and your business partners.

Can we help?

Very often with CyberSecurity it is the risks that you are not aware of that are the biggest threat.

If you are experiencing issues around CyberSecurity then we can help. So please feel free to contact us for a no-obligation discussion around your specific security needs.

We look forward to helping you.