There’s no one right way to combat cybercrime
Small and midsize businesses need to be especially inventive when it comes to cybersecurity initiatives.
The consequences of even the smallest of cyberattacks can be devastating, particularly for growing businesses.
In fact, according to research from the Ponemon Institute, last year the average cost of a malware-related attack was $1,027,053 for SMBs. On top of the expenses related to damage or theft of IT assets, SMBs reportedly spent another $1,207,965 due to disruption to normal business operations.
Thankfully, cybersecurity tools and practices have advanced alongside today’s ever-evolving risk landscape. Gone are the days of limited, expensive cybersecurity options, or only large enterprises having access to the best products. Thanks to technologies such as cloud infrastructure, artificial intelligence and machine learning, for instance, SMBs have affordable access to a variety of proactive, automated cybersecurity solutions that can help their IT teams quickly identify and mitigate threats before it’s too late.
In addition to the variety of technological cybersecurity tools available to SMBs, there are additional, resourceful tactics growing companies can employ to more effectively defend their most critical business assets, including:
Hiring an in-house team: While it’s certainly a more expensive option (i.e. not only are you paying for in-house staff’s time and service, you’re also paying for their equipment and benefits), hiring your own in-house cybersecurity team offers dozens of benefits. First and foremost is having total priority and access to an IT team any time there is a security incident. Also, in-house teams can’t help but be very familiar with their organization’s unique needs, risks and processes, allowing them to react to potential threats faster and more seamlessly than an external team might.
Hiring an agency: Hiring an external cybersecurity team can work better for some organizations, as it’s often the more affordable route. Additionally, working with external agencies allows companies to sidestep the widespread problem of finding and retaining sufficient cybersecurity talent. It’s crucial, however, to take the time to find an external cybersecurity partner who is well-versed in your industry and can help set clear goals that align with your organization’s particular needs.
Leveraging threat hunting: Threat hunting is the process of an experienced cybersecurity professional proactively using manual or machine-based techniques to identify security incidents or threats that existing detection methods can’t catch. The practice can be invaluable to organizations with in-house IT teams, as successful threat hunting doesn’t require additional costs and allows cybersecurity staff to be more creative and listen to their intuition, rather than solely rely on automated alerts.
Building a cybersecurity culture: One of the most affordable ways to protect the health of your growing business is to foster a company culture around cybersecurity. Host regular cybersecurity training sessions for all of your employees and make sure everyone in the organization is familiar with the latest threats and attacker tactics. Most importantly, make sure all employees recognize that cybersecurity best practices should never be a casual afterthought or reserved only for the IT department.
Get cyber insurance: Even with the most robust cybersecurity measures in place, organizations can still get attacked. To fully protect your most critical business assets — including your employees’ safety, customer data, operational finances and public reputation — invest in a cyber insurance plan that meets the unique needs of your business. For instance, many plans include coverage against privacy liability and payment card loss, in addition to covering the immediate expenses associated with a data breach.
Sixty percent of SMBs say cyberattacks are becoming more severe and more sophisticated, according to the Ponemon Institute’s 2017 State of Cybersecurity in SMBs report. And yet cyber threat detection and incident response rates remain worrisomely subpar, with organizations taking an average of 191 days to even identify a data breach. Worse, findings show it takes companies an average of 66 days to fully contain a data breach.
To protect day-to-day business health and also ensure long-term viability, SMBs need to be more inventive when it comes to their cybersecurity initiatives. Don’t rely on just one best practice or technology, and never assume state-of-the-art security methods are financially out of reach. By embracing a plethora of defense tactics — including cost-effective best practices such as threat hunting, establishing cultures of cybersecurity and incorporating cyber insurance — SMBs can better protect their hard-won business, all while maintaining lean budgets and supporting their unique risk factors.
Ari Vared (ari@cyberpolicy.com) is a vice president at CyberPolicy and CoverHound. These opinions are his own.
See also: