Hackers don’t care if you are big or small

If the disruption to the market conditions of 2020 was not already enough, businesses have had to deal with another big challenge: an explosion in cyber attacks.

Risk experts across the globe have observed an exponential rise in cyber attacks. A survey conducted by Willis Towers Watson found that 86 per cent of risk experts believe that the frequency of cyber attacks will increase further still, while a further 54 per cent expect that the severity (and thus cost) of those attacks will also rise.

When you consider that the average cost to recover from a ransomware attack has increased to more than $84,000, and that a business will fall victim to these attacks every 11 seconds by 2021, it's easy to understand why the risk managers at executive and board level will be showing a particular concern for the threat posed by cyber attacks. And that's what the big companies with the significant resources for expansive investment into security are struggling to deal with. Unfortunately, small businesses don't get any relief here. Cisco research shows that they care – 87 per cent of SME executives agree that security is a high priority and have made data privacy and security a part of their business culture. However, they're not spared the attention of hackers, and generally have far more modest resources for coping with it.

Keeping ahead of cyber criminals is exhausting in the best possible circumstances, let alone when you're trying to manage a diversified environment of employees working remotely, and the IT security team is small (if not part time). Small businesses need complete, layered security solutions because no one technology can eliminate cybercrime in itself, and it needs to pair that technology with best practice policy around security.

Computer security and extortion

Understanding the risk profile

Ransomware isn't the only security challenge that SMEs need to account for. It's perhaps the most worrying because it so often makes for dramatic headlines and the costs involved, but there are other forms of attacks, including DDoS, Phishing, Man-in-the-Middle attacks, social engineering (i.e. get someone to give the hacker your password), Worms, Trojan Horses, Polymorphic Virus, File Infectors, and dozens of other forms of malware. A small business executive needs to understand what protection on multiple fronts looks like in order to adequately defend against this breadth of threats.

The good news is that vendors recognise this, and the overarching narrative in developing security solutions in recent years has been total coverage. For example, Cisco security technology is comprehensive, while also being tailored to current working conditions. As such, it is able to offer enterprise-class holistic security solutions via a cloud-based platform, designed to allow employees to work safely from any device, at any time, from any location.

The coverage that Cisco security technology provides can be broken down into a number of key areas, or focal points:

1)     People. Small businesses need to have a way of authenticating that the users of their systems are who they say they are – remembering that passwords are often quite weak, and even stronger passwords can be compromised. Cisco Duo is a verification solution that helps protect sensitive data by verifying the identity of users, devices, and applications via highly secure, best-practice two-factor authentication.

2)     Devices. The typical small business is interacted with on a truly startling number of devices. So, for example, if you have a mobile or remote workforce, they may be connecting from an office, a home laptop, or a mobile device. Often employees are fluid and will interact with the network from all three over the course of a day. The challenge facing small businesses is that if malware gets onto any one of those devices, it can rapidly spread through the network. Cisco Advanced Malware Protection (AMP) for Endpoints detects and blocks malware and viruses across all of these devices, preventing it from growing roots into the overall network.

3)     Email. Email remains the communications lifeblood of many organisations, but it is also one of the most vulnerable entry points for hackers to target. Phishing attacks are increasingly complex, look like legitimate emails, and every day draw people into clicking on them, and the next thing you know is that you've got ransomware spreading through the system. Cloud-based email like Office 365 isn't immune from hacking either. While there's certainly a training story here, and organisations should be actively engaging with staff around best practice with email, technology can help too, and the Cisco Cloud Mailbox Defense puts our security inside Microsoft's cloud, so it's as close as possible to the mailbox and able to offer proactive protection against those email nasties.

4)     The network. Regardless of how many points of defence you have at the entry, it's still possible that malware will find its way into the network. Once there, it spreads malignantly, and encrypts your files or takes down critical systems. Cisco Umbrella helps here, providing a first line of defence against threats in the network by denying the DNS to ransomware, which in most cases stops it from spreading.

5)     Security backed by intelligence. Finally, with the explosion in security threats, it's impossible to manually keep up, and technology has a role to play in leveraging intelligence to identify and mitigate against threats before a human would be able recognise them. Cisco has invested heavily in developing a suite of security tools that offer businesses of all sizes machine learning smarts that can detect, analyze and protect against new and emerging threats in real time. Many small businesses are hit hardest by security threats that were previously unknown, as real-time systems are notoriously expensive, but Cisco's cloud-delivery provides them with the enterprise-grade security at a manageable price point.

A security breach is a potentially business-ending event for a small business. In fact, research shows that 60 per cent of small companies close within six months of a breach. Hackers and malicious actors don't discriminate, and indeed the perception that a small business will have inferior security makes them all the more attractive as a target. It's important for the health and continuity of small businesses that they are able to find enterprise-class solutions to lay their security foundations on.

Find more information via Cisco's enterprise-standard security solutions for SMEs