Organizations of all sizes are vulnerable to cybersecurity breaches. However, small and medium businesses (SMBs), for many reasons, can be an easy target for bad actors.
SMBs are a tempting target
There are a few reasons why small and mid-sized organizations are both tempting and vulnerable targets for cyber criminals. First of all, many of these businesses utilize vendors that provide managed services on their behalf. A bad actor can hit one of these managed service providers and impact many small organizations at once.
SMBs also tend to rely on free and built-in security tools included with existing products rather than investing in dedicated security technologies. With limited resources, it is common for there to be a lack of focus on cybersecurity.
Small Business Insights report
Recently, a poll conducted by Intuit Quickbooks collected feedback from 2,031 small and medium business owners in the United States. These organizations employ up to 100 people and have more than $5,000 in revenue annually. They were a combination of brick-and-mortar, omni-channel, multi-channel, and mainly online businesses.
When surveyed about current business concerns, half of the businesses stated rising costs while the other half cited the economy. One-third of respondents mentioned supply chain problems as an ongoing concern as well as cash flow. 23% of survey respondents also cited cybersecurity threats. Additional issues for small to mid-sized businesses included lack of funding, skills shortages, employee retention, low consumer demand, and lower-priced competitors.
With a focus on cyber attacks, more than 40%, 42% to be exact, of surveyed businesses acknowledged that they had suffered a cybersecurity breach. Specifically, malware was the most common type of attack followed by phishing, data breaches, DDoS (distributed denial-of-service) attacks, and ransomware.
How to protect SMBs
SMBs that want to enhance their cybersecurity measures should consider implementing tactics including but not limited to:
- Utilizing multi-factor authentication
- Investing in end-point detection and attack response tools
- Exploring identity and access management tools
- Considering the strategy of prevention instead of reaction and recovery
- Reviewing permissions to sensitive information
- Implementing hardware security keys