By: J. Wolfgang Goerlich
May 13, 2020
Big Security in a Small Business World: 10 myth busters for SMB cybersecurity
This blog was originally posted on Cisco Security Blog by author J. Wolfgang Goerlich. Reposted with permission.
We’re announcing our newest Cybersecurity Series report, “Big Security in a Small Business World”, which looks into how small to medium-sized organizations are embracing cybersecurity to grow their businesses.
We’re releasing this report during a challenging time in our lives. We know and understand SMBs across the world are facing unprecedented challenges in their operations. With all that you’re now faced with, how do you know what to focus on to stay secure? How do you protect your organization from attacks if you’re operating with fewer people?
In this report we explore and debunk 10 myths that exist around cybersecurity for smaller businesses. Spoiler alert: SMBs are more than holding their own.
The security industry has often been unjustly harsh towards small and medium businesses when it comes to recognizing how well you prioritize cybersecurity. This report – based on a survey of almost 500 SMBs (defined here as organizations with 250-499 employees) – reveals that not only do you take security very seriously, but that your innovative and entrepreneurial approach to security is also paying dividends.
It’s time to bust some myths about the way in which SMBs are using their cybersecurity resources. Here are some highlights of what the study revealed:
Myth: SMB leadership doesn’t take security and data privacy seriously.
With data taken from three survey questions about data privacy, cybersecurity awareness programs, and executive buy-in for security from the top, we prove this myth false. Executive leadership is informed and engaged.
Myth: SMBs face different threats than larger businesses.
We compared the types of attacks that SMBs and large enterprises reported they’ve experienced in the past year. We also compared how much downtime (loss of business hours) the attacks caused. The results proved interesting. Many attacks, such as ransomware, don’t discriminate by size of business. Threats affect organizations indiscriminately, no matter what their size.
Myth: Smaller businesses don’t test their incident response plans with drills/exercises.
Tabletop exercises and drills keep a team in fighting shape. The largest percentage (45%) of SMBs run exercises every six months. With leadership concerned about threats, and with threats affecting us all, organizations are regularly practicing incident response.
In addition to these and other myths, throughout the report are insights from those who are responsible for strategies and approaches to cybersecurity within their SMB. For example:
– Alan Zaccario, Vice President, Information Technology and Cybersecurity, New Castle Hotels and Resort.
Finally, we round out the report from where SMBs are to where they can go; specifically, the need to simplify security and guidance on maintaining security in the shift to a remote workforce.
“Make security as simple as possible, but no simpler” has long been a guideline. But data to support the efficacy of fewer vendors has been hard to come by. In this study, the more vendors our SMB survey respondents used, the longer the downtime they reported from their most severe breach. This ranged from an average of four hours using one vendor, to an average of more than 17 hours using 50+ vendors. This is compelling data in support of the vendor consolidation trend.
A more pressing concern for many is adapting to a remote work posture. Taking into account this new reality, you need a strategy to secure offsite employees and devices while supporting the flexibility and responsiveness SMBs are known for. The concluding section of the report provides information for navigating these challenges within the context of what we now know about SMB security. This is practical guidance you can put in place immediately.
The nature of an SMB is that life inside your organization is exhilarating, meaningful, personal, and yes, oftentimes tough. This report puts the spotlight on what cybersecurity tactics are working for a surveyed sample of smaller businesses, and what impact they’re having on streamlining operations. Armed with this information, you can focus on what matters most – securing and growing your business.
To access the report, head to Big Security in a Small Business World.