smb group report

SMB Group Report: What Small Businesses Need to Know About Cybersecurity in 2017

January 26, 2017 | By

The SMB Group, a technology industry research and analysis firm focused on the SMB market, just released its 2017 Tech Trends executive report, and it’s well worth the time to dig into this year’s top 10 tech trends affecting SMBs.

Unsurprisingly, one of the top trends is security. Specifically, according to the report, proactive SMBs are turning to managed security service providers (MSSPs) and cyber insurance to face the security challenges ahead in 2017.

SMBs: Overwhelmed and Underresourced

The SMB Group’s findings highlight that most SMBs are overwhelmed by the security issues they face, and feel that they aren’t adequately prepared to deal with threats – which is a sentiment we hear often in the conversations we’re having with customers and prospects.

The report points to stats from the National Cyber Security Alliance that many SMBs will likely find hit a bit too close to home: Almost 50 percent of small businesses have experienced a cyber-attack. More than 70 percent of attacks target small businesses. More than seven percent of employees leave their computers unsecured. As many as 60 percent of hacked SMBs go out of business after six months.

The reality is that too often SMBs simply don’t have the time or resources to respond effectively to security issues. So, what’s an SMB to do?

The Media Focus on Large Attacks

Over the past two years, there has been ample media coverage of major breaches at the brands people are familiar with – Sony, Target, the Office of Personnel Management (OPM). While undeniably damaging, sometimes the media focuses too much on breaches with the biggest names and most salacious storylines. But the majority of attacks, as the above stats show, actually target SMBs. These security threats can be much more mundane, but they can actually be even more impactful (especially when you consider that the majority of businesses in the U.S. are SMBs).

Ransomware will undoubtedly continue its rise, especially attacks against SMBs. In 2016, we saw a growth in the frequency of exploit kits that install ransomware, and there’s no doubt this will continue because it has proven to be an effective business model for hackers. Spearphishing will also continue to be a common entry point, because recipients of targeted emails too often give the “sender” (real or spoofed) the benefit of the doubt and click on links they shouldn’t.

How to Fight Back as an SMB

In response to these threats, here are three security best practices that SMBs should dig into in 2017 to give themselves peace of mind and an improved security posture:

1. Understand What Antivirus Can and Can’t Do: Antivirus solutions can only do so much. SMBs need to take a step beyond limited antivirus technologies and find solutions that can address the malware problem in a more dynamic way than signature-based AV can provide. How? Look for security solutions that take an inside-out approach to detection, using modern threat intelligence and blocking malware from communicating back to “home base” for further instructions. That’s the best way to curtail the damage that malware can do.

2. Think Beyond the Network Perimeter: Most businesses these days have a mobile workforce and rely heavily on all types of mobile devices to run their business. Between this and the advent of cloud computing, the traditional network perimeter is largely obsolete, making firewalls a protection built for another era. Employees need protection wherever they go, so a security solution that can provide malware protection at home, on the road, and at the office is vital.

3. Minimize False Positives and Alert Fatigue: The other problem with many firewalls and antivirus is that they produce a firehose of alerts and event logs. Most SMBs don’t have the time to effectively respond to real threats, let alone the flood of false alarms that many security “solutions” produce. A real security solution built for 2017 must:

  • automate threat detection and response
  • be intelligent enough to identify new and evolving threats
  • produce alerts only when something actually goes wrong

This helps both tighten an SMB’s security posture and make the security demands surmountable for lean IT teams. Here’s a quick read on what we can learn from Pavlov’s dog regarding false positives and the alert fatigue problem.

What Comes Next

In this latest report, the SMB Group outlines the challenges that small businesses face, and it’s just the tip of the security iceberg. It’s time for SMBs to review their security practices and technologies. And it’s time to invest in affordable security technologies that are easy-to-use, easy-to-manage and built for a modern threat landscape. Only then can SMBs be confident in their security posture so they can focus on growing their business.

That’s why we built Strongarm and why it’s free for the first 30 days. It’s time to make real security achievable for SMBs everywhere. We’ll all be better for it.