With more than 50% of SMBs experiencing breach in the past 12 months (Ponemon Institute), there’s a clear message for all businesses: No one is exempt from being a target of breach. The small business information security arena has been a bit less highlighted throughout the years, but not for lack of knowledge by the security industry of these organizations being just as vulnerable to breach as bigger enterprises.
Simply put, the first businesses to get hit by mega breaches and to hold the spotlight in the news were bigger organizations like Target. Now that every business is moving more data to the cloud and in the digital sphere, and as hackers get more comfortable pursuing data theft, things are changing and awareness of SMBs being a viable target is growing.
From a recently conducted study by the Ponemon Institute, only 14% of SMBs rate their ability to mitigate cyber-attacks as highly effective. This lack in confidence in SMB cybersecurity posture is due to smaller budgets and a shortage of experienced personnel within the small business enterprise. Also, small businesses don’t have sufficient technologies to help them keep eyes on their network, nor have they set up a department or group of people to focus solely on IT security.
It only makes sense that this is the case, since a small business runs with a smaller crew and budget. However, there are accessible solutions for SMBs.
To create an effective risk management posture you need: technology, process and people. Businesses need to evaluate their entire operational system, perform an audit of the environment they’re working with (servers, cloud, apps, network, data storage devices, physical data storage for those who still hold physical documents in their offices, and so on). Even though at a first glance this seems like an impossible task for an SMB, there are security organizations like NCX Group that are here to help.
When a business doesn’t have the resources or expertise to implement a thorough assessment of vulnerabilities and their network on their own, security experts can fill in the gap. It’s a service that has been around for years and has been underutilized due to the shortsightedness of what was to come with the digital revolution. Now that everyone knows of impending breach threats, it’s only a matter of wanting to take action and realizing that your business depends on it.
The SMB sphere is just now starting to see the signs of this need, let’s hope they can get on the information security wagon ahead of time and make the right decision now. Look at those companies that had the budget and didn’t take the right steps (Target is just one example). That doesn’t have to be the case for small businesses or any other business for that matter.
Photo courtesy of watcharakun