smb security challenges

7 SMB-Specific Security Challenges and How to Overcome Them

July 27, 2017 | By

Did you know that 43 percent of cyberattacks are aimed at small and midsized businesses? If you fall into that category and think you’re too “small fry” for a cybercriminal to come after you, think again. Small businesses are a lucrative target because many do not have sufficient defenses in place to protect against attacks.

Historically, SMBs have put their IT managers (or managed service providers) in charge of cybersecurity in their organizations. As these companies have grown, they have relied on technology such as firewalls and antivirus to protect themselves, and these just aren’t sufficient against today’s most sophisticated attacks.


Well, 90% of all attacks start via one of these three vectors:

  • Phishing (both general and highly targeted spearphishing)
  • Exploit kits
  • Malvertising

Many of these types of attacks easily skate right around antivirus and firewalls. Technology isn’t going to solve these problems. Below we outline the seven biggest challenges SMBs face. Any of them resonate with you?

SMB Security Challenges

  1. Happy Clickers: Employees don’t always have proper training on IT security issues, so they may be prone to clicking on phishing emails, malicious links, or other types of social engineering, leading to security issues for the whole organization. Even with plenty of user education, some people just love to click! Happy clickers are a fact of life for many small to midsized businesses and can dramatically increase risk.
  2. Same Problems, Smaller Budget: SMBs face many of the same problems with online attacks as big companies – but they don’t have the budget or people to deal with it. Cleanup costs and downtime can take a huge toll on a small organization, even putting them out of business.
  3. Human Resources: Often there are not enough subject matter experts on the team or they don’t have enough man-hours to handle everyday threat monitoring and response on top of everything else they’re tasked with doing.
  4. Security Costs: Most security solutions are prohibitively expensive to procure and maintain — and the value is often questionable, given you may not have the time or resources to properly configure and manage them to extract the full value. However, the costs of a security breach can be even higher (downtime, financial loss, legal repercussions, reputation).
  5. Complexity: Security can seem complicated. Companies are not sure how to select the right security solution and once they do select one (or a few), most are too complex and time-consuming to maintain.
  6. Ever-Evolving Threats: It can be hard to keep up with new threats without a dedicated security team or automated threat intelligence solution, and even once a threat is identified, teams often don’t know how to take action.
  7. Reputation Management: An SMB often lives and dies by its reputation, so a security breach isn’t just a technical issue — it can have not only immediate financial and legal costs associated, but long-term business consequences.


The Good News

But the good news is that we no longer live in an era when only large enterprises can afford to arm themselves with the tools it takes to fight back against attackers. Today, it’s entirely possible to successfully overcome SMB security challenges and defend your network against a wide range of attacks—even with an SMB-sized budget.

But don’t take our word for it! In this SMB vertical case study, we take a look at how several of our SMB customers have successfully defended themselves against a variety of attacks, as well as increasing employee productivity and decreasing time to resolution using Strongarm’s DNS-based protection.

Read the Case Study