Please configure
Cybersecurity threats are real
Many small business decision-makers neglect their cybersecurity posture for any number of reasons. Often, the reasoning boils down to one key misconception: that cybercriminals won’t attack small businesses because they’re not valuable enough.
This is a misconception because the truth is that every business is valuable to cybercriminals. A small business could be valuable for three main reasons:
Moreover, cybercrime is a numbers game. Gangs of cybercriminals, often sitting in corporate-style offices around the world, launch as many attacks as possible on as many targets as possible. This way, even if only a small percentage of attacks succeeds, the gang makes money. While the income from each individual attack may be relatively small, these incremental amounts soon add up to big business for the attackers. Meanwhile, small businesses are left to pick up the pieces, trying to repair their damaged reputation along with their network, data, and systems.
The cost of a cyberattack can be significant. For some small businesses, the cost can be high enough to put a company out of business. CERT NZ reported that losses from cyberattacks in the second quarter of 2021 hit 3.9 million, a 30% increase from Q1. 1
As well as the direct financial losses, there is also the reputational damage that can be done. If customer payment details are compromised, for example, then those customers may be reluctant to continue doing business with that company in the future. If a small business is the launch point for an attack on one of its larger partners, that partner may be similarly reluctant to maintain the relationship. The effects can continue to compound until the affected business can simply no longer operate effectively.
Then there is the cost of remediation. For example, Australia and New Zealand hold the record for the world’s highest rate of ransomware attacks against small businesses. The average ransom demand sits at US$5,900 but the cost of downtime can be as high as US$141,000. This is business-threatening for 45 per cent of small businesses.
The bottom line is that small businesses need to prioritise their cybersecurity preparedness because the risk of being attacked is real, the chances of being targeted are extremely high, and the cost of not being ready is potentially catastrophic. This whitepaper explores some of the common barriers to cybersecurity preparedness for small businesses, as well as ways to overcome those barriers to reduce risk.
Barriers to cybersecurity preparedness
In a perfect world, most small business leaders would choose to be fully protected against cyberattacks. Unfortunately, that perfect world doesn’t exist and, even with unlimited funds and resources, no business can ever be 100 per cent protected; cyber adversaries are simply too motivated and are moving too fast. However, with a smart, strategic plan and proactive approach, small businesses can harden their security posture substantially, making them less attractive targets for cybercrime.
There are four key barriers that small businesses face in their journey to become cybersecure:
1. Cost
New Zealand small businesses face a constant balancing act as they try to achieve more with less. It’s understandably tempting to direct funds towards activities that demonstrate an immediate return on investment (ROI), especially as businesses build back following the pandemic.
Building a business case for cybersecurity investment can be tricky because the critical outcome of a strong cybersecurity program is that nothing happens; the organisation remains safe. Business leaders can be fooled into thinking that there was no need to invest in the first place.
Often, the actual cost of a solid cybersecurity program is much lower than business leaders believe. However, the fear of wasting money that could otherwise be spent on revenue-generating activities can be hard to overcome.
How to overcome this concern
Small businesses could start with a risk assessment that considers the organisation’s valuable data and systems and the potential cost of a cyberattack. This assessment should account for both the likelihood and the impact of specific attacks occurring. By mapping this out, the business can then determine where to allocate resources for additional cybersecurity measures.
It is not possible or even desirable to protect everything in the network. By identifying the most valuable assets and directing protection efforts towards those, business leaders can have peace of mind that they are as protected as they can be within their budget.
This process can also help to determine the ROI for cybersecurity investments. By understanding the cost of an attack, business leaders can also understand the value of avoiding that attack. This is a crucial part of risk management for businesses of any size.
Armed with the relevant information, business leaders can see the value of their investments and can manage cybersecurity costs so that they fit within the organisation’s budget.
2. Complexity
Many small businesses already have at least some cybersecurity measures in place. This could range from basic anti-virus tools to more complex anti-malware, intrusion detection, and email protection technologies, among others. Every tool needs to be managed, updated, and maintained. Adding more solutions will add to the complexity of managing and maintaining these tools. For small businesses with limited resources, the prospect of adding even a small amount of complexity to the cybersecurity mix could be daunting.
How to overcome this concern
Rather than add layer after layer of point solutions to the cybersecurity mix, small businesses should eliminate complexity altogether by choosing a single vendor to provide a security fabric approach. This lets the business implement the security tools it needs without having to manage multiple vendors, solutions, upgrade paths, patching cycles, and so on. In many cases, a small business can deploy a comprehensive cybersecurity solution with a single appliance, incorporating next-generation firewall and advanced networking capabilities. This is simple and cost-effective to manage while providing a far stronger and more integrated security approach than could be achieved with multiple point solutions.
3. Skills
Most small businesses don’t have large or specialised IT teams. In many cases, it falls to just a handful (or fewer) of people who are responsible for everything from keeping the lights on to mitigating cyberattacks. These professionals add the most value when they can focus on delivering growth-focused initiatives instead of manually managing cybersecurity solutions.
For many small businesses, the time and effort involved in learning about cybersecurity solutions and how to optimise and maintain them is just too daunting. Businesses are already dealing with a skills shortage and are reluctant to devote resources to learning new skills.
How to overcome this concern
Fortunately, there is no real need for cybersecurity solutions to be managed by the in-house IT team. Instead, small businesses can outsource this responsibility to a managed security services provider (MSSP). This partner can monitor and manage the business’s cybersecurity posture and provide remediation services if an attack should occur. By outsourcing this function, the IT team can focus on value-adding activities while the leadership team can be confident that the business is secure.
4. Choice
There is no one-size-fits-all solution for cybersecurity and many business leaders quickly find themselves overwhelmed by the sheer amount of choice in the marketplace. With so many providers offering such a varied range of solutions, it can be hard for a non-expert to determine the right path for the business’s unique needs.
While choice is desirable, it can also be confusing. Business leaders are well aware that a misplaced investment could be costly for the business and leaving just one security vulnerability unaddressed could be highly damaging. This can lead to a form of ‘paralysis by analysis’ whereby business leaders find themselves unable to make a final decision.
How to overcome this concern
Small businesses need easy-to-manage solutions that cover their network, cloud, and endpoints. The right solution is one that automatically shares threat intelligence and can protect against prominent threats like ransomware and business email compromise (BEC). Technology that both stops attacks from succeeding and reduces the workload for IT teams is hugely valuable for small businesses. There are four steps small businesses can take to build a strong cybersecurity plan with the right solution:
Small businesses should work with a partner that can deliver these four steps in a cost-effective and transparent way.
How Spark can help
Small businesses need to leverage connected technologies to compete effectively in a digital world. Along with beneficial technology comes the risk of being attacked by cybercriminals unless the business is adequately protected. Avoiding investment in cybersecurity protection is not an option; small businesses must recognise the barriers to adoption and overcome them so they can do business seamlessly.
Solutions like the Spark Cloud Managed Network are underpinned by modern security tools that deliver the visibility and control needed to keep your business safe in the cloud. Contact us now and one of your experts will be in touch
Presented with Spark partner, Fortinet.
Want to learn more? Find out what Cloud Managed Network can do for your business.
Please configure