Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

SMB cybersecurity trends

Small and medium-sized businesses have become attractive targets for cybercriminals. With solid cybersecurity strategy in hand, they can reduce the risk of attack.

It’s not just the Fortune 500 that needs to worry about attacks from cybercriminals.

Small and medium-sized businesses (SMBs) have become common targets—as well as launch pads for bigger attacks with large payoffs. Cybercriminals see these businesses as potentially easier to breach: They are perceived as having less-sophisticated security infrastructure and practices than their larger counterparts, and may not have enough trained people on hand to manage and respond to threats.

SMBs may hope to address their cybersecurity stance on the eve of RSA Conference 2019, which takes place March 4-8 in San Francisco.

As Cisco’s report Small and Mighty outlines, smaller businesses are at risk because it’s more difficult for them to coordinate resources and mitigate attacks before they cause damage. Every organization is affected by the cybersecurity talent gap—but SMBs, even more so.

Even larger companies need to worry about the security weaknesses of their SMB. Attackers now strike supply chains, seeing vendors as an entry point to breach networks of larger organizations, according to the Cisco 2019 Data Privacy Benchmark Study. Large businesses that don’t properly vet their smaller vendors’ security practices may find attackers reaching them through a less well secured-network.

The Small and Mighty report, based on Cisco’s Cisco 2019 Data Privacy Benchmark Study, outlined security challenges faced by SMBs businesses, along with the steps these organizations are taking to make their business safer. Here are highlights from the report.

Challenges: Threats and impacts that can hurt the bottom line

System downtime. Time is money, and that’s certainly true when considering the impact of system downtime following security breaches. In the Cisco study, 40% of midmarket businesses (those with 250 to 499 employees) said they’d experienced eight hours or more of system downtime due to breaches; also, 39% said that at least half of their business systems were affected.

These impacts can be especially hard on smaller businesses’ productivity. As the Small and Mighty report noted, the core systems of smaller businesses are likely to be interconnected, which means attacks can more easily spread from system to system. With fewer IT resources, including adequately staffed and experienced security teams, smaller businesses take longer to recover.

Lost revenue. Cisco’s benchmark study found that more than half (54%) of all cyberattacks result in financial damages of more than $500,000, including damage to customers as well as lost opportunities. That’s bad for businesses of any size—but particularly tough for a smaller organization that could shutter its doors after such a loss.

Ransomware and cryptomining threats. Companies cited ransomware as a top security challenge in the Cisco study. Cisco security experts said ransomware attacks can be especially costly for small businesses, which are often quick to pay ransoms so they can resume operations. And now, as more cybercriminals turn to illicit cryptocurrency mining (or cryptomining) to generate revenue, small businesses need to worry about unwittingly aiding these efforts. Illicit cryptomining operations can be hard to detect without the right technology, according to the Small and Mighty report.

Difficulty orchestrating alerts. For many SMBs, however, the downside of adding more products and vendors to strengthen security defenses is that it can be tougher to understand alerts and assess threats. More than three-quarters (77%) of midmarket businesses, which already have limited IT resources, said they found it challenging to understand and respond to security alerts, given this complexity, according to the Cisco 2019 Data Privacy Benchmark Study.

Solutions: Planning and processes to help reduce risks

Despite the challenges they face, SMBs are not taking cyberthreats lying down. As survey respondents told Cisco, they’re making strides in filling security gaps and choosing outsourced help. Here are some examples of their progress, based on findings from the Cisco 2018 Security Capabilities Benchmark Study:

Bolstering defenses with the cloud. SMBs have increased cloud use. In 2014, 55% midmarket companies hosted some networks in the cloud; by 2017, that number rose to 70%. Respondents believe that the cloud helps them close security gaps: 68% said the cloud offers better data security, while 49% said the cloud helps businesses to compensate for their lack of internal IT staff.

Outsourcing security tasks. Many SMBs also look to outsourced assistance to fill internal gaps in resources and to boost knowledge of threats. Fifty-two percent of survey respondents said they outsource security tasks because it’s cost-efficient; 51% said it helps them respond to security threats more quickly.

Responsible leadership. While the security talent gap is an ongoing challenge, SMBs are working to shore up their security leadership ranks. Ninety-two percent of midmarket businesses said they have executives responsible and accountable for security, while 42% have a CISO (chief information security officer).

More frequent drills and reviews. Resource constraints mean that SMBs don’t review their security practices frequently enough to stay ahead of attackers. However, conducting regular reviews can identify weaknesses in security defenses before they create problems. The good news is that 91% of midmarket businesses reported that they are conducting drills to test incident response at least once a year, according to the Cisco study. (But only 49% of midmarket businesses review and improve security practices over time.)

Time for a cybersecurity strategy

How else can a company respond to the challenges that cybercriminals throw its way? First, companies need a strategy. Only 38% of SMBs have an active cybersecurity strategy in place, according to the Vistage Research Center. Planning should include end-user training as well as business continuity and crisis communication plans so that when an attack happens, a business can recover more quickly.

Also, as the Small and Mighty report suggests, businesses need to recognize that there’s no silver bullet to fix cybersecurity woes. The threat landscape is too complex and dynamic, and attackers are constantly innovating new approaches, and refining successful tactics, to evade defenders. Instead of standing still, small and medium-sized businesses need to continually evolve their security strategies to respond to an ever-expanding attack surface.

For more news from RSA, check out our RSA 2019 conference coverage.

For more Cisco news:

For more Cisco products and resources:

Christine Kent

Christine Kent is a San Francisco Bay Area writer focusing on security and technology.

Jane Irene Kelly

Jane Irene Kelly is a business and technology writer based in Pennsylvania.