Small Businesses, Large Gaps in Cyber Knowledge & Security

Dr Magda CHELLY, CISSP, PhD
Published in Magda On Cyber
6 min read · Oct 27, 2021

Contributions from Wen Sin Lim

Small and medium-sized businesses (SMBs) are generally thought of as easier targets than larger organizations, and compromising them can also provide access to the latter. Cisco took a closer look at the technology trends, especially in relation to cybersecurity, across 3,700 SMBs in 14 markets in Asia Pacific[1]. The report reveals common challenges that SMBs face in dealing with the ever-changing cybersecurity landscape and how they can improve their overall cybersecurity posture.

The theme of the paper is that ‘Cybersecurity is Foundational in Our New Digital Normal’. Where businesses used to turn to technology out of necessity (i.e., for survival), they are now keen to leverage it to thrive in the new normal. At the same time, SMBs are more apprehensive about cybersecurity risks, with 75% being more worried about cybersecurity now than a year ago, given that an equal percentage believe a major cyber incident could spell the end of their organisation.

Outpaced by the Ever-Evolving Cybersecurity Landscape

Ransomware threats are growing by the day[2], and it is a constant race to stay ahead of cybercriminals by addressing the latest threat vectors as they surface. It does not bode well for the white hats that cybercrime services are getting increasingly accessible, with a single ransomware kit going for as little as $66[3].

A third of the SMBs surveyed attributed their cyber incidents to not having a cybersecurity solution. It is entirely possible that this group has chosen to turn solely toward insurance to cushion the financial impact any security incident might have on their business[4].

For the larger population (39%) that reflected that existing cybersecurity solutions were inadequate to detect and prevent an attack, fear appears to be a conspicuous sentiment among SMB leaders. Despite a significant injection of funds into cybersecurity solutions — nearly two in five SMBs in the region raised their cybersecurity expenditure by more than 5% — an overwhelming 84% of SMBs feel exposed to cyber threats. Compared to the fear sentiment, actual incidence of cyber attacks is pegged significantly lower, with 56% having suffered a cyber incident in the past 12 months.

This atmosphere of heightened fear is not necessarily unfounded, for underreporting of cyber incidents is a common phenomenon[5].

Another plausible reason is that SMBs are not investing in the right technology. Presently, 63% of SMBs spend at least 4% of annual revenue on cybersecurity, a significant sum particularly for SMBs. The increased spending on cybersecurity in recent years is paired with a growing maturity in SMBs’ understanding of cybersecurity. Apart from investing in solutions to improve technology, SMBs also look towards engaging talent to enhance their in-house processes. Combined with the provision of personnel training, it suggests a holistic approach that should theoretically be a sufficient measure against cyber threats.

However, this means having a myriad of products and solutions in their infrastructure that SMBs are unable to keep track of or fully utilise, which is decidedly not better than having none. The crux of building a strong security posture therefore involves integration[6]. A failure to integrate creates complexity in operations and unwanted delays in the event of a cyber incident, all at a higher cost.

From Doom to Gloom within Hours

The majority of SMBs that suffered an incident experienced loss of some kind, the most common of which was loss of customer data. Although this loss is not as immediate and hard-hitting as monetary loss, it is nevertheless a notable consequence that has negative implications for customer trust (and therefore business)[7].

Revenue loss is the most straightforward impact: six in 10 SMBs surveyed have experienced it first-hand. However, this loss does not manifest in a linear fashion. In cybersecurity, time is of the essence, and this is especially true in the event of a cyber incident. Detection rarely happens in under an hour, and beyond that point the financial impact compounds upon itself. 85% of SMBs in Asia Pacific said that a downtime of anything more than an hour results in operational disruption, alongside legal ramifications. Perhaps the most pertinent finding is this: downtime of one day or more could also potentially result in the closure of an entire organisation.

The Final Frontier

SMBs that are well set to navigate their way through the treacherous cybersecurity landscape we find ourselves mired in have a few common traits. They typically:

- have faith that their employees understand cybersecurity in general, the seriousness of a potential attack, and their role in it all

- engage in discussion frequently about their risks, exposures and issues that they face, if not daily

- have conducted scenario planning or simulations within the last 12 months to ensure that they can get the business up and running as quickly and efficiently as possible even after an attack

Discussion and transparency on the topic are key, as is scheduling frequent, regular meetings among senior leaders and all stakeholders, since consideration of the evolving threat landscape ought to be incorporated into business planning. The 63% of SMBs that did not have an (adequate) incident response plan were among the first to falter when under attack.

When navigating the oversaturated cyber solutions market, SMBs ought to look out for targeted solutions, preferably in the form of an integrated, platform approach for the following purposes:

- to connect disparate pieces of products and solutions

- to enable clear visibility of their entire security infrastructure

- to ensure seamless deployment when the system is tested in a real-world situation

- to secure their operations while scaling their business

- to aid in savings[8]

References:

[1] “Cybersecurity for SMBS: Asia Pacific Businesses Prepare for Digital Defense.” Cisco, 30 Sept. 2021, https://www.cisco.com/c/en_sg/products/security/cybersecurity-for-smbs-in-asia-pacific/index.html

[2] Lohrmann, Dan. “Data Breach Numbers, Costs and Impacts All Rise in 2021.” GovTech, 10 Oct. 2021, https://www.govtech.com/blogs/lohrmann-on-cybersecurity/data-breach-numbers-costs-and-impacts-all-rise-in-2021

[3] Whitney, Lance. “Dark Web: Many Cybercrime Services Sell for Less than $500.” TechRepublic, 13 Oct. 2021, https://www.techrepublic.com/article/dark-web-many-cybercrime-services-sell-for-less-than-500

[4] Johansmeyer, Tom. “Cybersecurity Insurance Has a Big Problem.” Harvard Business Review, 30 Aug. 2021, https://hbr.org/2021/01/cybersecurity-insurance-has-a-big-problem

[5] “Oh, Behave! the Annual Cybersecurity Attitudes and Behaviors Report 2021.” CybSafe, 5 Oct. 2021, https://www.cybsafe.com/research-papers/cybersecurity-attitudes-and-behaviors-report-2021

[6] Aiyer, Bharath, et al. “Securing Small and Medium-Size Enterprises: What’s next?” McKinsey & Company, 25 Mar. 2021, https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/securing-small-and-medium-size-enterprises-whats-next

[7] “Small Business Reputation & The Cyber Risk.” KPMG, https://assets.kpmg/content/dam/kpmg/pdf/2016/02/small-business-reputation-new.pdf

[8] “IBM Report: Cost of a Data Breach Hits Record High during Pandemic.” IBM Newsroom, https://newsroom.ibm.com/2021-07-28-IBM-Report-Cost-of-a-Data-Breach-Hits-Record-High-During-Pandemic

By Magda Chelly

Chief Security Officer | TEDx Talk | Author & Keynote Speaker | IFSEC Global Top 20 Cybersecurity Influencer | Entrepreneur | PhD, S-CISO, CISSP, Cert SCI (General Insurance)
