Vulnerable to Vigilant: SMBs Ramp Up Cybersecurity Efforts

In the face of increasing cyberattacks targeting small and medium-sized businesses (SMBs), this group is increasing its budgeting, staffing, tooling, and sophistication to make security a priority.  Grayson Milbourne, security intelligence director at OpenText Cybersecurity, provides actionable advice for SMBs to increase their cyber strength further. 

The cybersecurity landscape is ever-evolving; attackers are getting smarter and more resilient. As a result, businesses must invest more in security to stay ahead or, in some instances, catch up.

Cybersecurity is a key priority for businesses of every size and will stay so for the foreseeable future. Findings from the recent  OpenText Cybersecurity 2023 Global Ransomware SurveyOpens a new window confirmed that SMBs are aware of ransomware risks (90% of SMBs cited they are extremely or somewhat concerned about a ransomware attack). And as a result of these concerns, they are taking a much more proactive stance to improve their security footing. In doing so, they are catching up to enterprises in their defenses. 

Boosting Security Awareness, Teams, and Budgets

For example, 83% of SMBs reported requiring employees to take security awareness or phishing training, and they also conduct training more frequently. Of these respondents, 38% conduct training quarterly and 41% twice a year. Most enterprises (96%) require regular security awareness or phishing training and 40% of enterprises conduct security awareness training once per quarter, and 34% twice a year. This heightened emphasis on SMB security awareness training is particularly encouraging, considering there was also a disparity in understanding who constitutes a potential ransomware target. 

Despite a well-documented cybersecurity talent shortage, SMBs (44%) and enterprises (43%) plan to expand their security teams next year to combat increasing threats. Of the same group, 57% of SMBs and 53% of enterprises plan to increase security spending in 2024. Of SMBs planning to increase security spending, 40% plan to increase budgets by 5 to 10%; 33% plan to increase budgets by 10 to 20%. In addition to more frequent security awareness training and increased spending, the survey also found that the number of SMBs with recovery plans and backup solutions increased, which is essential for improving cyber resilience. 

See More: Why Companies Should Patent Their Quantum Technology Now

Simplifying Security with Higher-Powered Solutions 

Another similarity in the survey findings is that most SMBs and enterprises use 2 to 3 security solutions. 58% of SMBs use 2 to 3, about 5% use more than five security solutions, and 10% use only one. In 2022, 52% of SMBs used 2 to 3 security solutions, but 21% used four or more solutions. These findings may point to a tool consolidation trend that aids in simplifying security processes, reducing costs, and increasing efficiency. 

6 Key Steps to Enhance SMB Cyber Resilience

The striking similarities in how SMBs and enterprises view cybersecurity and the steps they take to mitigate attacks are encouraging. To further increase cyber resilience, consider the proactive steps below. 

1. Building a Cyber-aware Culture: When employees are self-aware about how their behaviors can put their organization at risk, they will be better positioned to help prevent attacks. Training employees in security best practices, such as recognizing phishing emails, texts, or suspicious links, is essential to minimize ransomware opportunities. It’s also important that the company culture encourages honesty and transparency so employees feel confident reporting an error or issue without fear of retribution. Routinely reinforcing this message and conducting security awareness training and assessments will strengthen the desired culture. 
2. Keeping Software Updated: Ensuring that employee devices and organization-affiliated systems are up to date with the latest security patches is also one of the other basics that SMBs must follow. Enabling automatic updates for operating systems and continuously running antivirus scans will go a long way to closing known vulnerabilities and phishing attempts. 
3. Detection and monitoring tools: Implementing real-time network and endpoint monitoring tools to detect unusual or suspicious activities is crucial to identifying threats. Choosing multi-layered solutions with threat intelligence to monitor email, web, and cloud-based risks also reduces the chances of a breach. I also recommend highly automated solutions requiring less security professional management for quicker detection, response, and data recovery if an attack occurs. 
4. Strong recovery plans: A strong recovery plan that uses data backup solutions is the final piece of the cyber resilience puzzle. Numerous backup services are available at varying price points for SMBs. For example, air-gapped backups are an inexpensive way to store a copy of critical data offline. This additional offline protection makes it impossible to hack. Recovery plans help SMBs and all organizations bounce back quickly if hit by a ransomware attack. Developing and regularly updating response and recovery plans helps to remain prepared and test the plan’s effectiveness. 
5. Securing Remote Access: As many employees continue to work from home or in hybrid locations, securing their laptops, cellphones, and other endpoints is critically important. While public Wi-Fi hotspots are appealing and easy options, they are high-risk “convivence” and are often insecure. Using virtual private networks (VPNs) and requiring multi-factor authentication for all devices and systems are two easy and effective ways to secure remote access.   
6. Don’t forget security basics:  In today’s digital age, it’s easy to forget the basics of physical security—never leave laptops and desktops unattended. All devices should have a screensaver that locks automatically when alone and requires a password to prevent unauthorized access. Likewise, awareness of physical surroundings, particularly when out of the office, can avert information theft or credentials. For example, shoulder surfing, a form of data theft where criminals simply watch nearby screens to steal credentials, is a real threat to organizations. 

Roadmap to a More Secure Future

By implementing these best practices, SMBs can significantly reduce their chances of falling victim to ransomware attacks and better protect their critical business assets. 

The global ransomware survey noted that SMBs are improving their cybersecurity, but work remains to gain full cyber resilience to fend off increasing attacks. Best practices like building a cyber-aware company culture, incorporating attack detection and backup solutions, and developing a recovery plan are essential ways SMBs can fortify their defenses and increase their cyber resiliency. 

How can SMBs enhance cyber resilience? Let us know on FacebookOpens a new window , XOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!

Image Source: Shutterstock

MORE ON SMBs (Small and Medium-Sized Businesses)

• Is AI the Key to SMB’s Digital Transformation? 
• The Importance of Hybrid Cloud for SMBs 
• 5 Strategies SMBs Should Follow to Strengthen Cybersecurity
• 10 Reasons for SMBs to Consider Managed Security Service Provider (MSSP)