Why Your Small Business Needs to Rethink Its Cybersecurity Strategy

Cybercrime is a big problem for small businesses, and the risk of advanced threats continues to grow. This Cybersecurity Awareness Month, learn how to protect your SMB or nonprofit from attacks that threaten the business. 

The cybersecurity threat to small- and medium-sized businesses (SMBs) continues to grow as cybercriminals recognize how vulnerable they can be, and the potential value of the data they have. Today’s attackers have their sights set on SMBs and nonprofit organizations — and the consequences can be devastating as the cost of these incidents rises into the millions.

The proof is in the numbers: More than three-quarters (76%) of SMBs surveyed in a 2022 study were affected by at least one cyberattack in 2021, an increase from 55% who said the same in 2020. The 2022 Verizon DBIR found system intrusion, social engineering and privilege misuse represent 98% of breaches affecting small businesses; further, credentials made up 93% of data compromised in SMB attacks. For many SMBs, the concern around these attacks is growing: a CNBC survey of 2,000 small business owners found 61% of small businesses with 50+ employees are concerned they’ll be hit with a cyberattack within a year.

It’s time for SMBs to rethink and upgrade their security strategies to defend against today’s threats. These organizations often lack a dedicated cybersecurity team, as well as the modern security technology, skills and resources needed to defend against advanced threats. This is a growing concern because SMBs hold sensitive and valuable data: employee and customer records, intellectual property, financial transaction data, and access to business finances and larger networks are all essential to their success.  

October is Cybersecurity Awareness Month. This year’s theme is “See Yourself in Cyber,” a reminder that everyone has a part to play in keeping organizations safe from security threats.  While security can be a challenge for small businesses, CrowdStrike is ready to help with industry-leading products built to accelerate your SMB’s cybersecurity strategy.

Legacy Tech Is No Match for Modern Attackers

Many small businesses and nonprofits are aware of cybersecurity risks and have installed antivirus tools to keep cybercriminals at bay. Unfortunately, these products are no match for human-engineered threats such as social attacks, in which a target is manipulated into giving the attacker what they want, or identity-based attacks in which intruders use stolen identity and account information to access systems and resources while appearing as legitimate users. 

The 2022 Falcon OverWatch Threat Hunting Report found 71% of breaches were malware-free, underscoring the prevalence of these more subtle attacks and cybercriminals’ growing preference for techniques that evade antivirus software products. Once they have a foothold in your environment, attackers can then move throughout your organization to compromise additional systems, exfiltrate data, launch a ransomware attack or take other nefarious actions. This is possible with the use of legitimate employee credentials or exploits for unpatched vulnerabilities.

Here are a few best practices that can fortify your security defenses: 

  • Enforce multifactor authentication (MFA): As identity becomes a critical component to cyberattacks, MFA provides an extra layer of defense so you can be sure it’s an employee, and not an attacker, gaining access to systems and resources. 
  • Perform regular backups of critical data: If a breach hits your small business, you’ll be glad you backed up your data either on-premises or in the cloud. It’s worth noting an attacker may encrypt backups if they gain access to your systems, so it’s critical to create a strong defense. 
  • Keep up with software patches: Data breaches often start when an attacker exploits an unpatched vulnerability. Keeping software up-to-date ensures this vector is blocked. The US Cybersecurity and Infrastructure Security Agency has an updated list of known exploited security flaws
  • Invest in stronger cybersecurity protection: A smaller employee headcount shouldn’t put your business at greater risk of cyberattack, and small businesses don’t have to face big threats alone. Now through the end of October 2022, you can save big on select CrowdStrike products and services.

Cybersecurity is a big challenge for SMBs, but it is possible to build a strong security posture at a reasonable cost. Rethinking your security strategy and upgrading your defenses now can make a tremendous difference in getting through a cyberattack if disaster strikes.

The CrowdStrike Falcon® platform sets the new standard in cybersecurity for SMBs. Watch this demo to see the Falcon platform in action.

Additional Resources

Related Content