October 26, 2023 at 07:57PM
Small and midsize businesses (SMBs) face significant challenges in managing cyber threats, including employee mistakes, third-party compliance needs, data privacy laws, the hybrid workforce, targeted attacks, and a changing threat landscape. A study from Sage revealed that almost half of SMBs have experienced a cybersecurity incident in the past year. To address these issues, SMBs should prioritize cybersecurity as a business issue, create an insider risk program, provide individualized security training, and establish strong communication channels with other businesses. Additionally, there are resources available, such as the SMB cybersecurity guide from the Cybersecurity & Infrastructure Security Agency (CISA), to support SMBs in enhancing their cybersecurity measures.
During the Cybersecurity for SMBs Roundtable: Navigating Complexity and Building Resilience, several key challenges and recommendations were identified for small and midsize businesses (SMBs) regarding cybersecurity. Here are the main takeaways:
1. Challenges for SMBs and nonprofit organizations:
– The human factor: Employees’ mistakes, such as falling for phishing emails or allowing unprotected access to their devices, pose risks to company networks.
– Third-party compliance needs: Partner organizations and contractors, which may include financial institutions and highly regulated entities, demand compliance with their cybersecurity requirements.
– Data privacy laws across states and countries: Noncompliance with data privacy requirements can lead to sanctions and fines.
– The hybrid workforce: Remote work introduces challenges in overseeing devices and online behaviors, increasing vulnerability.
– Targeted platforms and industries: Threat actors focus on organizations using applications that deal with fundraising or collect personal information.
– Changing threat landscape: New attack vectors, malware, and threat actors emerge regularly.
2. Research findings:
– Nearly half of SMBs have experienced a cybersecurity incident in the past year.
– While 69% of respondents worldwide claim cybersecurity is part of their company culture, only 25% say their company regularly discusses it.
3. Cost-effective cybersecurity measures for SMBs:
– Implement an insider risk program that oversees security policies, particularly focusing on employee behavior and addressing unintentional incidents.
– Consider the human factor in managing employee lifecycles, including onboarding and offboarding processes.
– Individualize security training based on job function, generational gaps, and tech savviness.
– Emphasize cybersecurity as a business issue rather than solely an IT problem, with management involvement and discussions about cyber threats.
– Foster a security culture that encourages openness and honesty when dealing with incidents and sharing lessons learned with other businesses.
– Utilize available resources and partnerships for guidance, such as the Cybersecurity & Infrastructure Security Agency (CISA) and its SMB cybersecurity guide.
In conclusion, SMBs can address cybersecurity challenges by focusing on employee behavior, individualizing training, treating cybersecurity as a business issue, sharing information and lessons learned, and leveraging available resources.