The cyber threat landscape is always evolving and it's crucial that small business leaders remain up to date on the latest developments. Here are three approaches to cybersecurity that can help your business avoid a costly breach.
BlackBerry’s Threat Research team reported that small- and mid-sized businesses (SMBs) are increasingly the focus of cyberattacks, facing upward of 11 cyber threats per device, per day—a proportion much higher than larger enterprises.
For businesses with access to large amounts of funding, investing in sophisticated cyber defenses is, of course, an effective solution. State-of-the-art cybersecurity software and specialist skills and resources can bolster defenses—and quickly! Smaller businesses may not have as many options due to budgetary constraints. As a result, they are often at higher risk. An attack can be deadly if it hits an SMB: the Ponemon Institute found that 60% of SMBs go out of business within six months of a cyberattack due to the extent of the reputational and financial damage. However, leaders of SMBs shouldn’t lose heart. A solution is possible, and they really can achieve the same, sophisticated level of defense as organizations with significantly larger budgets. Here’s how.
In cybersecurity, success is in the small details.
We recently saw the Marriott International Group suffer its third publicly acknowledged data breach in four years. The hotel chain disclosed the incident after the site DataBreaches.net reported that an unnamed threat actor claimed to have stolen 20 gigabytes of sensitive data. With huge cyberattacks littering the news cycle, small businesses may anticipate complex attacks on their infrastructure. In our recent BlackBerry Threat Report 2022, we found that this is rarely the case. Older techniques, which can be less technical, are gaining popularity. While this may be surprising, it is proving to be incredibly effective.
The simple attacks are the most common. Utilizing older techniques (phishing and watering hole attacks, for example) has been a popular choice due to the proliferation of digital channels, such as SMS and smartphone apps. BlackBerry’s research discovered that out of the nearly 40% of businesses that identified an attack, the most common threat vector was phishing attempts (83%), while only one in five businesses identified the anticipated sophisticated techniques of malware and ransomware.
Despite lack of sophistication, or the messy exits we’re seeing many attacks display, threat actors are nonetheless successful.
In many cases, threat actors left behind playbook text files containing IP addresses and more. Despite being less technically advanced, cyber criminals were able to infiltrate organizations’ barriers due to small businesses still using older technologies and infrastructure for protection. If they fail to bolster their defenses and tighten their security, SMBs will remain the prime targets, even for the simplest of attacks. Last year, we witnessed a huge number of simple yet deadly attacks on SMB targets. So, how can we prepare ourselves and guard against this?
The three avenues for protection: people, solutions, and attitudes
When making decisions about cybersecurity solutions, one of the first things SMB leaders may consider is the cost. Employing an entire IT team or integrating cyber software across IT equipment can be expensive. Luckily, this doesn’t need to be the case. It is entirely possible to outsource help and a level of protection that few organizations can otherwise afford on their own.
There are three avenues small businesses should consider:
No number of outsourced services or technologies can prevent human error. However, it’s possible to reduce error through introducing positive security attitudes and cultures. A Zero Trust security model addresses this by assuming every user, endpoint, and network are potentially hostile. No user can access anything until they prove who they are, that their access is authorized, that they’re not acting maliciously, and that the Wi-Fi or cellular network they are connected to is not compromised.
The digital skills gap weighs heavily upon SMBs, who may not even have cyber specialists among their IT teams. To avoid stretching out teams, businesses can engage a Managed Security Service Provider (MSSP). An MSSP provides outsourced monitoring and management of security devices and systems. They provide customers with services around the clock, 24/7, which maintain a strong security defense.
Cyber threats can appear highly complex. Many SMBs fear that they don’t have the visibility or power to stop them. Here is where Extended Detection and Response (XDR) can help. By collecting and analyzing data from multiple sources, these solutions give businesses a complete view of all potential network and endpoint vulnerabilities, and enterprise security personnel can more effectively prevent cyber threats. XDR can detect threats in real time.
The faster a threat is detected, the better; as a result, security teams can investigate and act quickly. Similar to MSSP services, XDR has 365x24x7 threat monitoring, protecting even on weekends and during holidays. In the event of a cyberattack, XDR enables faster discovery, response, and remediation, freeing up valuable resources to focus on more impactful projects.
This article is licensed content that was created by a third party not affiliated with Santander Bank, N.A. (“Santander”). This article is for promotional purposes only. Santander does not provide investment, business, financial, accounting, tax, or legal advice, and the content of this article does not constitute investment, business, financial, accounting, tax, or legal advice. Santander does not make any claims, promises, or guarantees about the accuracy, completeness, currency, or adequacy of any content. Santander expressly disclaims all express and implied warranties of accuracy, completeness, currency, or adequacy of the information and content in this article. Readers should consult their own attorneys or tax or other advisors regarding the applicability of any referenced information, or financial or other strategies to their own unique circumstances. This article does not necessarily reflect the views or endorsement of Santander. Please note that third-party websites may have privacy and security policies different from Santander; please review the privacy and security policies of such websites.
Santander Bank, N.A. is a Member FDIC and a wholly owned subsidiary of Banco Santander, S.A. ©2022 Santander Bank, N.A. All rights reserved. Santander, Santander Bank and the Flame Logo are trademarks of Banco Santander, S.A. or its subsidiaries in the United States or other countries. All other trademarks are the property of their respective owners.