Problem 2 of 7 Things Wrong with Mid-Market Cyber Security
Mid-market businesses rarely, if ever, have access to the same level of protection as large enterprises. Hackers know this, which is why they see small-to-medium sized businesses (SMBs) as low-hanging fruit.
Attacks on SMBs are now reaching epidemic proportions, with the UK’s National Cyber Security Centre warning that SMBs face a 50% chance of being hacked. Unfortunately, no business is too small to be targeted. In 2021, we saw high-profile incidents including attacks on critical national infrastructure like the Colonial Oil Pipeline and a record-breaking $70 million ransom demand from the REvil cybercrime gang following its compromise of the management software firm Kaseya. These are big attacks, with global ramifications. But a small attack on a smaller business can have a severe impact, particularly if it is forced to cease operations or suffers from serious reputational damage that can be caused by a major data breach. The US Securities and Exchange Commission suggested that up to half of SMB’s that suffer a data breach go out of business within six months, showing the outsized effect cyberattacks can have on smaller businesses.
When hackers target SMBs, they can achieve the same goals as attacking larger organisations by extorting ransoms, stealing data, or spreading malware to new victims – meaning that very few businesses are unattractive to criminals. A newsagent that delivers newspapers or a beauty salon serving a local community has the names, addresses, and potentially bank details of its customers – which are valuable to criminals. Even a lone entrepreneur working tirelessly from their garden shed is vulnerable, facing a “unique cybersecurity threat” due to the personal and financial data they possess, not to mention their intellectual property. This cybersecurity threat keeps business owners up at night because they know that the effects of an attack could not just be bad, but devastating.
Why is the mid-market particularly at risk?
The UK’s mid-market businesses are ‘more knowledge-based and less asset-heavy than they have been in the past’, says KPMG’s Mid-Market in 2030 viewpoint. It unsurprisingly predicts that technology and data will soon be at the heart of all businesses. Many of these businesses are fast-growth, with no dedicated cybersecurity staff whatsoever. With no time or money to dedicate to cybersecurity, time-pressed business owners often ignore the threat until it hits them in the face.
“While bigger businesses can often dedicate greater resources towards cybersecurity, mid-market businesses and entrepreneurs face the same cybersecurity challenges and threats with limited resources, capacity, and personnel,” the US Department of Homeland Security warned.
There is no shortage of cybersecurity solutions available to larger companies with access to financial resources and dedicated staff. But these enterprise-focused solutions are often too expensive for SMBs and too complex without a specialised security team.
As a result, smaller businesses often turn to disparate point products which protect one attack vector, such as email, but fail to protect web and cloud or offer secure authentication solutions such as multi-factor authentication (MFA). A focus on email is a wise move, because we know this is the source of 90% of targeted attacks. One careless click can cause a business-wise disaster. But the rise of multi-channel attacks in which attackers use cleverly crafted links to draw people onto malicious websites or cloud apps means that point products are not enough.
A secure future for the mid-market
Although the threats facing the mid-market are enterprise grade, there is hope. The rise of cybersecurity platforms is giving smaller businesses access to a wide variety of security solutions which can be managed from one single interface. This removes the complexity created by point products, which either don’t talk to each other or fail to overlap, leaving security vulnerabilities. An all-in-one platform solves both these problems.
Artificial intelligence and machine learning can also act as a force multiplier for security systems, working at speeds which are beyond human capacity. For large enterprises, AI can augment the work of security teams, saving them from time-consuming manual work caused by false alerts and minor threats. For SMBs, AI and supervised machine learning can make up for the lack of dedicated teams by automating the investigation and remediation of threats, and flagging only those requiring human intervention. When AI is put to work protecting a company against digital threats, its owners can rest a little more easily and have confidence that their most valuable assets are being protected.
For the mid-market, the threat has never been greater. But the tools to protect them have never been stronger. Safety is available if you want it.
Join the mid-market revolution. Sign up to receive our ‘7 things Wrong with Mid-Market Security’ Report: