Protecting SMEs from the evolving threat landscape
From the WannaCry and Petya attacks of last year, to the more recent hits on a number of healthcare providers this year, larger organisations dominate the headlines when it comes to cyber-attacks. However, it's the small to medium sized businesses that are becoming the primary targets and bearing the brunt of most attacks, with 875,000 UK SMEs affected by a cyber-attack in the last twelve months alone. 

SMEs are seen as a ‘gateway’ to the larger organisations. Many of them are connected electronically to the IT systems of larger partner organisations, providing cyber-criminals with an inroad to the ‘big names’ and their valuable data. The security defences of SMEs are often less sophisticated than those in place at larger companies, so these cyber-criminals are looking to go small to win big.

Many smaller businesses are still complacent about security, assuming that they are safe from malicious attacks when, in reality, it's quite the opposite.

To that point, Node4's ‘Mid-market IT priorities 2017’ report reveals even the most basic security measures aren't being met, with 25 percent of mid-market businesses lacking basic firewalling measures, only 54 percent using data encryption and 75 percent having no DDoS protection, despite this being an escalating concern.

The biggest problem, however, is that many companies do not have visibility of their systems. Systems are becoming increasingly heterogeneous, and are therefore vulnerable to multiple attack vectors. However, a shocking 75 percent of mid-market businesses have no Unified Threat Management solutions in place and 67 percent of them have no intrusion detection whatsoever. So, it's not that surprising that 41 percent of IT decision makers (ITDMs) don't know how many incursions they've had in the last 12 months.   

Cyber-crime is clearly a very big threat to SMEs and more needs to be done to protect their businesses from the growing threat landscape. Here are Node4's top three tips to arm SMEs with the tools and solutions they need to help prevent becoming a target of an unsolicited cyber-attack. 

First and foremost, pay attention to the basics 

In many instances, having simple (and often low-cost) cyber-security measures in place can go a long way to prevent loss or damage to SMEs. 

All devices connected to an SME's network, be they computers, laptops or tablets, can easily become infected by viruses and malware. However, just by installing anti-virus security software, these businesses can stop the spread of any malicious threats, keeping both the devices and the company safe from attack.

It's also important to download software and app updates as soon as they appear. They contain vital security upgrades and will provide SMEs with that extra layer of protection. 

Lastly, using strong but memorable passwords, not re-using the same password for multiple logins and implementing two-factor authentication will provide SMEs with better defence.

Make yourself less easy to target with UTM and SIEM 

A recent report by Barclaycard revealed that only 20 percent of organisations believe cyber-security to be a top business priority, suggesting why they are a prime target for cyber-criminals.  

These SMEs need to ensure that they remain one step ahead of cyber-criminals, and should seek advice from cyber-security professionals and invest in protection policies. 

Investing in and adopting Unified Threat Management (UTM) solutions will offer them better protection against the growing number of threat vectors. UTM consolidates threat management under a single-pane-of-glass and is designed to protect users from a range of complex threats. 

In addition, using a Security Information and Event Management (SIEM) strategy will give them a bird's-eye view of their entire IT network. It will also allow companies to mitigate threats as they develop and will help them inform future defence strategies.

Keep your staff abreast of cyber-threats  

According to Node4 research, the biggest internal threat to a business is the human element. This isn't through malicious attacks, but errors made by employees themselves. More often than not, an employee's view is “it doesn't matter what I do, the IT department's firewall will protect me”, which is far from the case.

IT teams need to keep users abreast of the latest threats that leave them vulnerable to phishing and ransomware, and educate their staff on the evolving threat landscape and the potential threats of, e.g., opening unsolicited email attachments.

An increasing number of SMEs are becoming victims of cyber-crime as they are being viewed as ‘easy targets’ by cyber-criminals. Without adequate and sophisticated security defences in place, a large percentage of businesses will find themselves falling victim to cyber-attacks in the next twelve months. It's time for these SMEs to step up and ensure they have the right policies in place to prevent this threat from becoming a reality.

Contributed by Steve Nice, Chief Technologist, Node4

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.