Small and midsize businesses (SMBs) are the bedrock of most national economies. And being a small-business owner is a hard job, especially during economic downturns and crises like the current COVID-19 pandemic.
When the security industry looks at cybersecurity preparedness, it is often critical of SMBs. They are often portrayed as being lax or ignorant about security issues. However, Cisco's "Big Security in a Small Business World" report, based on a survey of approximately 500 SMBs (those with 250 to 499 employees) shows that SMBs are actually paying close attention to security and that their sometimes novel and entrepreneurial approaches are paying off.
Evidently, it's time to clear up some common misconceptions about SMBs and cybersecurity. Here are a few of the biggest whoppers.
No. 1: Only large organizations face public scrutiny.
Our first myth is that the media is only interested in the large-scale attacks and breaches that occasionally wreak havoc among governments and huge corporate entities, and that attacks on SMBs don't or won't generate headlines. However, last year, smaller organizations garnered roughly the same coverage as their larger counterparts. In the Cisco survey, approximately half (49%) of SMBs reported that they were subjected to public scrutiny after a security incident.
Similarly, in 2019, 59% of SMBs voluntarily reported their largest data breach last year, as did 62% of larger businesses. Obviously, smaller outfits are dedicated to preserving their relationships with their customers and partners.
Interestingly, a majority of smaller businesses said they get enquiries from the people they serve about how they handle their data: Seventy-four percent of SMBs and 73% of larger companies reported that customers or prospects ask these questions about the firm's approach to cybersecurity. In other words, customers care about their personal data, and they need to trust the companies in possession of it.
No. 2: After a cyberattack, big businesses have less downtime and recover faster.
A major security incident can result in massive disruption in any business, large or small. But if you're an SMB, the most important consideration is not the length of downtime per se, but rather how you can ensure your resources aren't completely maxed out. In this regard, automation might be just what you need. It can provide both early warnings of attacks and quick responses to them, which can help safeguard your business. Research indicates that SMBs and larger organizations experience roughly equivalent downtimes after cyberattacks. Specifically, last year, 24% of SMBs were hobbled for more than eight hours as a result of their most critical security breach. Thirty-one percent of larger organizations reported a similar downtime duration after a major incident.
Fortunately, the use of automation as a security weapon is catching on. The Cisco report wraps up stating that in order to simplify and accelerate threat detection and response, a respectable majority (77%) of organizations of all sizes plan to automate their security landscape over the next 12 months.
What attacks are these companies hoping to avert? Ransomware, the threat most likely to cause 24 hours or more of system downtime, topped the list. DDoS attacks were the third most destructive attack in terms of downtime, particularly for large organizations with 10,000 or more employees.
No. 3: SMB leaders are lax about security and data privacy.
For any business with a digital presence, it's obvious that solid, always-available IT systems are a key to revenue generation, company reputation, and brand value. It's just as clear that for security to be done right, leaders have to support it, whether or not the business has 50 or 50,000 employees under its roof.
And the data shows that, indeed, SMB executives are keenly aware of all this. In fact, 87% of SMB executives polled by Cisco agree that security is a high priority — only 3 points below their counterparts in larger businesses. More than 66% of respondents in 17 different industry verticals said their leaders considered security as a top priority.
The verdict is in: SMBs are no laggards when it comes to cybersecurity, and in many respects are faring no better or worse at it than their far larger counterparts. The data shows that SMBs actively consider security during their strategic planning and in the running of their daily business.
But SMBs also face special challenges. Many feel a continual pressure to grow and are doing it by deploying ever-larger mobile and remote workforces. While this can help a company achieve its growth goals, it also opens it up to a universe of dangerous security threats.
That's why beefing up security with state-of-the-art cybersecurity technology can pay off. Last year, SMB respondents who only replaced or upgraded security technologies after they stopped working had to deal with 7.6 hours of downtime after their worst security breach. In comparison, companies that had up-to-date systems were offline for only 5.4 hours.
The lesson is clear: In terms of cybersecurity, automated security tools with built-in analytics — ones that can detect and mitigate even unknown threats — can help SMBs play with the big boys.