When the threat of cyber attacks first came to public attention, nearly everyone focused on cybersecurity for large companies. However, year-to-date, 58 percent of malware attack victims are categorized as Small and Medium Enterprises (SMEs). While we have already set you up with a guide to budgeting for cybersecurity in 2019, we will now take you through a guide of essentials for cybersecurity for SMEs.
Statistics Every SME Should Know
Aside from 58 percent of malware attack victims being SMEs, there are additional statistics every SME should be aware of to truly realize the importance of cybersecurity. In 2017, cyber attacks cost SMEs an average of $2.2 million. Average malware-related costs for SMEs included over $1 million due to damage or theft of IT assets, and just under $1.2 million due to disruption in normal business operations.
How are these attacks delivered? Over 92 percent of malware is delivered via email; relying on uneducated employees to click on malicious links or attachments. It’s estimated that each user at an SME receives nine malicious emails per month and it only takes one click for your SME to become compromised.
Throughout the year, we have also seen an increase in fileless malware. Approximately 35 percent of malware attacks have been fileless. Because fileless malware techniques replace the need for dropping malicious executable files on disk, traditional security solutions such as antivirus programs can’t detect them. With no file to scan, there’s nothing antivirus can do – thus, making them extremely successful.
Lastly, 60 percent of SMEs say attacks are becoming more severe and more sophisticated. This statistic is supported by the fact that we can see the increasing average cost of an attack and the rise of more sophisticated techniques such as fileless malware.
Cybersecurity Essentials for SMEs
Hackers have been relying on the theory that SMEs do not spend seriously on ensuring their cybersecurity strategy protects them against the latest threats. Due to budgetary constraints, this theory often holds true. While we are in no way saying that SMEs need to have the cybersecurity budget of a large enterprise, we are emphasizing that SMEs need to continually monitor their cybersecurity controls and reassess them on an ongoing basis. For example, what worked to protect your company a year ago may no longer even be the minimum requirement given the scale of growth.
Due to the growing regulatory pressures on large enterprises for cybersecurity, many are now requiring equal cybersecurity and data security norms for their vendors. A large portion of such vendors are in the SME segment meaning; if you want to secure that next large contract, cybersecurity may be the difference between signing on the dotted line or not.
So, what can you do to ensure your cybersecurity passes the test? While it’s up to your individual business to select vendors you feel protect your business most effectively, we can offer tips your business can start with to sure up your cybersecurity landscape.
Look at the business next door. Over the next year, one of you is extremely likely to suffer a cyber attack. Create an organizational culture around cybersecurity; restrict access to processes and products; invest in your cybersecurity; educate, educate, educate your employees; and make sure you’re not a member of the 58 percent.
Photo courtesy of PYMNTS.com