Last updated on April 10th, 2024 at 03:04 pm
By Ben Aung, CRO at Sage
For those outside the tech and IT industries, cyber security can seem overwhelming, conjuring up scenarios involving complex risks and geo-political implications. The biggest cybersecurity incidents are impactful on a global scale, involving billion-dollar businesses, nation states or sophisticated organised crime groups.
For instance, one of the most notable cases in 2023 was the hack of the secure file sharing app MOVEit, which saw organisations across the world, including the BBC and British Airways, exposed to serious security vulnerabilities, as well as attacks on SickKids Hospital, the Toronto Public Library and several cities such as Hamilton and Westmount (QC) in Canada.
When news covers big cyber security issues, it can make it seem like the problem is too complicated for any one business to handle. Since small and medium-sized businesses (SMBs) usually don’t have a lot of resources, it might look like there’s nothing they can do to lower their risk and keep up with constantly changing cyber threats. In fact, more than half of these businesses (51%) say that staying ahead of these threats is their biggest cyber security challenge. Research by Sage found that more than two-thirds (76%) of global SMBs say they regularly review their cyber security policies; however, 42% neglect to back up critical data. This suggests there is a gap between cyber security awareness and action among SMBs, leaving them even more vulnerable to cyber attacks. In fact, according to our research, almost half of SMBs experienced at least one cyber incident in the past year alone.
The threat is real for SMBs
SMBs can often mistakenly believe that, due to the size of their business, cyber criminals are less likely to attack them and would instead focus on larger, more lucrative targets. However, in today’s age, no business is safe from cyber crime, and experiencing a cyber attack is a matter of ‘when’, not ‘if’. Any business with a digital footprint is a target for cyber criminals. Recognising the tangible threat enables businesses to understand their other risks and see security as a crucial necessity. Cyber security also doesn’t have to be complicated. Businesses don’t necessarily need to become specialists in order to create robust cyber security practices, but they do need to make it a goal for the entire business. Changing perceptions of cyber security and acknowledging the risk to the business will enable SMBs to adopt a security-first approach in every aspect of their operations. These changes should be instigated from the top down to ensure that all employees subscribe to the same security-first culture.
Breaking cyber security misconceptions with a change in perspective
The misconception that cyber security is too difficult can get in the way of building security plans, especially when entrepreneurs and SMBs are already so busy with running their businesses in a challenging economic environment. Cyber security can often be seen as a ‘nice-to-have’ or ‘tomorrow’s problem’ when in reality it is a very real and immediate risk to the viability of a business. Therefore, it’s paramount to view cyber security as equal to any other business-critical priority or identified risk. This is why it is so important to demystify cyber security and equip businesses to take simple and impactful steps to reduce their risks.
Boosting cyber resilience by leveraging what you already have
Cyber security is often thought of as purely an IT problem, which means many non-technical people just do not engage with it. The cyber security industry has inadvertently made this worse by using lots of jargon and buzzwords which are incomprehensible to most. Many businesses assume you need a ‘cyber security expert’ in order to design and deliver an effective security strategy. As this is unaffordable for many, they forgo a strategy entirely. The truth is that a lot of progress can be made through the IT and tools many businesses already have, just by making a few changes and uplifting or turning on the controls which are already available. Implementing two-factor or multifactor authentication for VPN and cloud service access, along with adhering to vendor-recommended settings for software and services, strengthens a business’s cybersecurity. Additionally, storing data in the cloud for easy backup and equipping operating systems with Endpoint Detection and Response (EDR) tools will boost cyber resilience even more. It’s best to establish these fundamental security measures before considering investments in costly cybersecurity solutions or consultants.
Empowering SMBs for Proactive Cyber Defense
Many believe that simply having the right technical solutions in place will remove all cyber security risks. However, organisations that take a holistic approach and take advantage of the difference their employees can make will be the most successful. Creating a culture that puts security first helps everyone in the business act safely and responsibly. If employees understand why it’s important, know the risks, and report anything strange, they can help stop attacks before they happen. SMBs can protect themselves better by making cyber security a regular part of running their business. This includes planning how to respond and recover if something goes wrong, which improves the business’s ability to recover quickly.