Small and midsize businesses (SMBs) have often been thought of as leaving security concerns to bigger corporations who have more to lose and have the resources to develop detailed strategies. A new report demonstrates that SMB security is not only not lagging behind, but is instead proving SMBs to be proactive and capable of defending their data and systems.

The report, developed by Cisco Security, included responses from almost 500 businesses with between 250 and 499 employees who provided insight into their security strategies. The findings demonstrate that SMBs are prioritizing security more than previously thought.

While there’s an assumption that SMBs have little in the way of dedicated cyber security resources, the report shows that 60% of SMBs have a minimum of 20 dedicated people focused on security. The findings don’t show whether these individuals are full-time security professionals, or whether they are in-house or a third-party provider, but it’s worth noting that 80% of large organizations report similar numbers. Only 40% of SMBs and 22% of big enterprises have smaller security staff.

There are several factors influencing the changes. Small businesses are experiencing higher levels of public scrutiny, and 74% of SMBs report receiving customer inquiries about their data practices, which is similar to the 73% reported by larger enterprises.

Some of the questions from customers are related to how SMB security is applied to the supply chain and third-party relationships. Another contributor to prioritizing security is the effect of regulations and compliance issues, which often first impact large providers and then are eventually adopted by smaller companies interacting with them.

In some ways, SMB security is addressing the same threats impacting big corporations. The incidents prioritized by both SMBs and large enterprises include 24 hours of downtime and ransomware or targeted attacks. SMBs may need to pay special attention to ransomware, phishing, stolen credentials, and spyware, while larger enterprises are focused on distributed denial-of-service and data breaches. 

Overall, there is a clear end to the attitude that SMBs are too small for hackers to target.

SMB Security Strategies

When an SMB experiences a severe incident, 75% of respondents say that the attack caused downtime of less than eight hours, compared with 68% of larger organizations.

SMBs are also prioritizing up-to-date technology, with 42% reporting that infrastructure was updated and 52% reporting that they regularly update their infrastructure. Fifty-six percent say that they address software patching daily or weekly, and 37% say that they patch every two weeks or each month.

SMB security is also prioritizing readiness, with 45% testing an incident response plan every six months, while 36% test once each year.

The report indicates a clear shift to SMBs focusing on security, prioritizing training employees to recognize phishing emails, and adhering to authorization and authentication strategies. This is important in a time where cybercriminals no longer target a particular SMB, but, instead, spam a group of businesses to see which one will fall prey to a phishing email. Those that lack a clear security strategy with dedicated employee training are more likely to be victims. 

If pursuing an SMB security strategy is on your list of priorities, contact us at Cloud Source. We can help you coordinate the right security solutions with a plan for employee training and awareness, significantly reducing your exposure to a cyber security threat.