The Heritage Company, a telemarketing business based in the UK suffered a cyberattack in 2019 which forced the 61-year-old company to close its operations permanently. The closure that happened due to a ransomware attack rendered 300 of its employees jobless just before Christmas. Its CEO Sandra Franecke announced the closure after the company struggled to cope with the ransomware attack for two months.
This is just one case of a cyberattack forcing a company to shut down. A report claims that 75% of businesses that close due to cyberattacks never reopen. But preventing cyberattacks is possible. In this article, we will discuss how to ensure cybersecurity for small businesses and how much SME cybersecurity costs, along with the major cyber threats to businesses of small scale.
Prevention is always preferable to a cure. Likewise, the importance of robust cybersecurity cannot be overstated, especially in the face of potential cyberattacks.
It wouldn’t be wise to assume that small-scale businesses are immune to being targeted. As automation becomes more prevalent, attackers can exploit multiple small businesses, making cybersecurity for small enterprises a necessity. Small businesses often lag in terms of cyber-awareness, rendering them susceptible targets for cybercriminals.
Sohail Iqbal, CISO at Veracode, points out in a news report, “Financially motivated adversaries view SMBs as soft targets due to their inadequate security controls and the scarcity of skilled resources at their disposal.” He adds, “Small-business breaches are somewhat an overlooked and underreported arena.”
According to a recent report, businesses with fewer than 500 employees can lose an average of $2.5 million in a single cyberattack. This amount is substantial for smaller-scale businesses, underscoring the importance of SME cybersecurity.
Another report published at the end of 2022 claims that cyberattacks on larger companies have reduced while on smaller businesses, they have increased.
Crafting a Robust Cybersecurity Plan for Small Businesses
At least 75% of businesses that close after cyberattacks never reopen. This depicts how seriously cyberattacks impact small businesses. This makes it important to create an effective plan for SME cybersecurity. Here are the pointers to be considered.
- Identify the assets that you need to protect. What threats do you want to protect your asset against and what impact could an exposure could have.
- After identification, prioritize your assets, risks, and threats. Assess the cybersecurity concerns of your organization and what could be a possible risk.
- Set realistic and achievable goals and work on the risks in a decreasing order of priority to fulfill all your cybersecurity goals.
- List your cybersecurity policies and train employees with the entire procedure. Also, remember to link your goals to match business objectives.
- Now test for the vulnerabilities with the help of a test run. See if your cybersecurity plan is working out. Don’t wait for a cyberattack to occur, act before that.
The Price of Cybersecurity in Small Businesses
There isn’t a common criteria for the calculation of SME cybersecurity expense because it depends on various factors like geography, industry, company size, regulatory and compliance requirements, and more. However, there is a recent report claiming that companies on an average of 10% on cybersecurity from their yearly IT budget. This investment could be an average of US$2700 per year per employee.
For example, if your business is worth US$ 3 million, then you might spend around US$ 300,000 on cybersecurity expenses. This expense is ultimately going to add up to further fortification of your business against multiple cybersecurity threats discussed earlier.
SME Cybersecurity Services and Costs
- Endpoint Detection and Response: EDR solutions help in detecting and stopping abnormal behavior. These generally cost US$5-US$8 per user per month and US$9-US$18 per server per month.
- Vulnerability Assessment: It helps to identify and quantify the vulnerabilities in systems. This could cost US$1500-US$6000 for a network with up to 3 servers and US$5000 to US$10,000 for a network with 5-8 servers.
- Firewall: This helps block malicious traffic from entering your company systems. This can cost between US$400-US$6000 depending on the scale of the company’s business.
- Multi-Factor-Authentication: This is an extra layer of defence for your data against cybercriminals. This could cost US$5-US$10 per user per month.
- Web App Assessment: This helps in understanding how criminals could misuse your web app for vulnerabilities. This can cost around US$4000-US$8000 for organizations.
- Email Security: Over 90% of cyberattacks happen via email. Email security prevents businesses from spyware, trojans, malware, etc. This can cost around US$3-US$6 per user per month.
Key Cyber Threats to Businesses of Small-Scale
Phishing Attacks
Being the most widespread and damaging category of attacks, phishing amounts to 90% of breaches in businesses. And sadly, this number has grown by over 65%. Cybercriminals imitate some known person to the victim and make them click on malicious links or download malware-loaded files. Finally, after getting access to victims’ sensitive information like account details or credentials, they start exploiting it for personal benefit.
In recent times, phishing attacks have grown increasingly sophisticated. Scammers pretend to be legitimate businesses and lure innocent victims. Phishing attacks now deploy social engineering tactics to target multiple workers in the same organization.
But, there is a ray of hope. To ensure cybersecurity in small businesses, it is advisable to have a robust email security gateway to prevent such emails from reaching workers’ inboxes. Multi-factor authentication (MFA) is another method to defend against the threat of phishing attacks.
Malware attacks
According to a recent report, Malware amounts to 18% of cyberattacks aimed at small businesses. It is the second biggest threat after phishing and is implemented by deploying trojans and viruses. Malware attacks might be used by attackers to gain access to networks and extract and destroy data on the organizational systems.
These attacks can also cause irreparable damage to the hardware which then demands expensive repairs and replacement. Malware not only gives access to data but also puts customers and employees at risk of further scams and financial losses. Small businesses often follow a B-Y-O-D policy in which they might ask employees to bring their own devices to work. This looks cost-effective from the outside, but internally, this is increasing the risk of exposure to malware.
To ensure cybersecurity in small businesses against malware, deploying sturdy technological defences is essential. Endpoint protection can help in protecting devices against malware attacks. Stopping access to malicious web pages too can help in preventing the download of malicious software.
Ransomware Attacks
Small businesses are a target of 71% of ransomware attacks. And an average ransom demand amounts to US$116,000, claims a recent report. Cybercriminals are aware that small businesses often don’t have a data backup, which is why coaxing them into paying a ransom gets easier.
Ransomware attacks involve stealing and encrypting the company data so that they can no longer access it. A hefty ransom is then demanded to decrypt the data. This leaves businesses with only two choices, either pay the ransom and bear a huge loss of money or not pay the ransom and cripple your business operations.
Cybersecurity for small businesses can be ensured by maintaining a data backup for recovery in case of an unfortunate event of ransomware attack. The IT team can then recover the data and prevent payment of any ransom amount or loss of productivity.
Password Compromise
19% of enterprise professionals use passwords that can be guessed easily. Weak or easily guessed passwords pose a huge risk to small businesses that use multiple cloud-based services. Cloud services often contain sensitive business data like financial records or customer’s personal information. Using the same password for multiple accounts or easy-to-guess passwords can expose the data for further compromise.
Robust business password management technologies and MFA can help ensure cybersecurity for small businesses from password compromise. Well, using a strong, difficult-to-guess password is always an option that should be considered.
Insider Threat
According to recent research, in organizations, 62% of employees had access to accounts they never needed. Giving employees access to multiple accounts that they don’t even need is not a wise decision. Such password exposure can willingly or unwillingly cause massive financial and reputational damage to businesses.
To ensure cybersecurity in small businesses, organizations should promote a strong culture of cyber-awareness among employees. Reducing ignorance, spotting early vulnerabilities and vigilance can help in ensuring SME cybersecurity.
Additional considerations for ensuring cybersecurity in small businesses include hiring trained professionals for cybersecurity, employee training, setting business priorities, buying cyber insurance, optimizing the existing toolset, and securing the company’s WiFi and networks. Remember, cybersecurity is a shared responsibility, we all have to stand up as a team to ensure cybersecurity across various sectors.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.