Media coverage of cybersecurity breaches would lead us to believe that sophisticated, targeted attacks are reserved for well-known enterprise organizations. Searching the Internet for data breaches of this decade yields names such as Equifax, Target, eBay, Home Depot, Sony, JP Morgan Chase and Anthem, just to name a few. Attacks against these mammoth enterprises may lead small and medium-sized businesses (SMBs) to believe their size protects them from sophisticated and targeted attacks. In fact, a Paychex report found that a startling 68 percent of SMB owners are not worried about being hacked.
The media focus on high-profile breaches also reinforces the perception of many SMB owners that they don’t have anything of value that an attacker would want. Nothing could be further from the truth. Small businesses are in possession of many assets that are of great interest to adversaries, including money, intellectual property (IP), customer data and access. In fact, access may be a primary driver because an SMB can be used as a vector to attack a larger parent organization or the supply chain of a larger target. To make matters worse, while SMBs are fueling the economy — contributing to its value, growth and innovation — they trail far behind their larger counterparts in the area of cybersecurity. This combination of valuable assets and immature cybersecurity makes them a very attractive target: “low-hanging fruit” for attackers. It explains why 70 percent of cyberattacks target small businesses, according to the National Cyber Security Alliance.
The Biggest Mistake: Believing It Won’t Happen to You
Austin Murphy, vice president of managed services with CrowdStrike®, says a major misstep SMBs make is assuming they are not a target. “I think it’s a real mistake to think you’re somehow insulated or protected from attack because you’re small. If you as an organization depend on IT systems for operating your business, then you are a target for attack — let’s just state that plainly,” he says.
In addition, as adversaries increase their use of automation, they are able to launch widespread attacks for which smaller organizations are less prepared. As Murphy points out, “With ransomware and other extortion techniques, smaller organizations are hit much more frequently and much more impactfully than larger organizations.”
What Can SMBs Do to Protect Themselves?
Because most SMBs lack an in-house IT security team, the task of defending against targeted attacks launched by sophisticated and stealthy adversaries can seem insurmountable. With little, if any, cybersecurity staff, limited budgets, and a lack of security expertise or even awareness, how can SMBs get started on the journey to protecting themselves?
Murphy recommends approaching security as a process, as opposed to a state you must achieve. “We know successful organizations understand that the concept of ‘secure’ is not something that you are — rather, security is a process that you participate in,” he says. This means that buying the latest security products and technology, then simply “setting and forgetting” the solution you purchased, is not enough. Cybersecurity needs to be part of the organization’s core business process. One example is knowing what you should do if you get hacked: If you’re not thinking about it ahead of time, you’re setting yourself up for some costly mistakes. A proven method for integrating security as a business process is to adopt a security framework. There are several good frameworks that can help you get started, but one of the most popular frameworks is provided by the National Institute of Standards and Technology (NIST).
There are also some easy tactical measures that you can implement to make it harder for attackers to succeed. A good place to start is by routinely backing up the data that is essential to your business. You should also keep your computers up to date to limit their vulnerabilities, and use two-factor authentication (2FA) and strong passwords to mitigate the effects of credential theft. It’s also very important to educate your employees on security best practices. Finally, you must use the best next-gen endpoint protection you can find — technology that not only detects and prevents threats, but a solution that can help future-proof you against the evolving threats you’ll face tomorrow.
By far, the most important action item is to start the process of improving your security posture today. CrowdStrike is helping hundreds of SMBs by providing a turnkey solution that allows organizations of any size to instantly achieve the highest level of protection. That solution, Falcon® Complete™, combines advanced technology with the skills and expertise of CrowdStrike’s best-in-class security professionals to provide immediate, worry-free and mature endpoint security. It works with your current staff and resources, without requiring additional investments in hardware or people.
For organizations that want to build their security step-by-step, CrowdStrike next-gen AV provides the most efficient foundation — with protection that goes beyond malware, increasing and simplifying your endpoint security. You can try a no-obligation, 15-day free trial of Falcon Prevent™ next-gen antivirus today and see the difference for yourself.
Unfortunately, SMBs continue to fall victim to cyber threats as often as their Fortune 1000 counterparts, which is why effective cybersecurity is a critical must-have for organizations of any size. Don’t wait. Start today.
- Get a blueprint for prioritizing security efforts and finding the right solution in this white paper: “Can Small and Midsize Organizations Get the Same Level of Endpoint Protection as the Big Guys?”
- Read the report: “Cybersecurity for the SMB.”
- Learn how to reach instant cybersecurity maturity by visiting the Falcon Complete Product Page.
- Test CrowdStrike next-gen AV for yourself. Start your free trial of Falcon Prevent today.