
Oliver Pinson-Roxburgh
CEO and Co-Founder
28th September 2021
The nature of SME business means they typically have increased operational agility compared to their mid-market and enterprise counterparts. Whilst this flexibility brings the ability to adapt well to changing market conditions and new business opportunities, it’s not without its compromises. In the SME world, staff work in multi-role positions, and resource is tight and geared towards powering growth. This has historically made it notably harder to get cyber security services that integrate well with SMEs’ resource-limited, highly flexible business operations.
We can categorise the specific challenges facing SMEs when it comes to cyber security as follows:
SME-specific cyber challenges need SME-focussed solutions. Despite over 90% of the world economy being powered by SMEs, much of the cyber protection available is catered towards bigger organisations. This has traditionally made SME security an expensive and difficult proposition. But it doesn’t have to be this way.
We’re going to look at 4 cyber security services that, when taken together, cover the key SME requirements:
Hackers begin their path to breaching your organisation long before sending a phishing email or exploiting a security flaw. In fact, the first step any cyber criminal takes is reconnaissance. Every business leaks a surprising amount of sensitive information that hackers find useful, such as what web assets, domains and ports are exposed, along with risks from web-based third parties. Recon scans uncover this hidden information, allowing you to see through the eyes of a hacker and helping you calculate your cyber risk. Recon scans are quick to run and are included in all Defense.com™ packages, so even the smallest start-up can get visibility of this unseen but important information.
No list of quick wins would be complete without penetration testing. It’s simply an essential cyber security service that no business, big or small, can afford to ignore. For SMEs in particular, penetration tests are low-touch and high value. It’s no wonder pen testing is mandated or recommended by every security standard and best practice guide you can think of.
SME infrastructure is usually much less complex than mid-market or enterprise environments, and also tends to use more cloud services. This brings two key benefits to SMEs: it not only makes pen testing easier and quicker to complete, but it also means the remediations are easier to implement. SMEs: 1, Enterprise: 0.
The risk weighting applied to each uncovered vulnerability, combined with the threat tracking dashboards in Defense.com™, makes it easy to see at a glance which remediations need to be prioritised to get quick value – and effective defences – from your pen tests.
Sometimes SME business owners and IT managers think that because they’ve done a pen test, their scanning days are done for another year. These people couldn’t be more wrong. This actually ignores one of the biggest attack vectors: that of unpatched software. Missing security patches account for up to a third of all critical security vulnerabilities identified in penetration testing, so keeping on top of your patching is vital to keeping hackers at bay. Whilst annual penetration tests are a no-brainer, they’re point-in-time assessments, and new security patches come out each and every week.
The best SME tactic here is to pen test annually and scan monthly – or weekly for the highest priority systems. This keeps on top of missed patches and shores up any security vulnerabilities until your next penetration test. This is another example of where SMEs have an advantage over larger organisations: scanning and patching is easier to do. And if you implement good patching regimes now, they’ll scale as your business grows.
The last item in this list might surprise you. It’s not a technical service, management system or compliance standard. What it is, however, is easy to deliver and mitigates the risk of the largest attack surface in your organisation: your workforce. Human error is responsible for more cyber attacks than anything else. And the way to secure the human is through training.
Many cyber attacks start with phishing, and even advanced cyber controls can be compromised by simple human error. This makes training your employees in the direct security consequences of their day-to-day actions a powerful cyber defence. It helps them contextualise and prioritise cyber security in their daily work life.
The word ‘training’ can conjure images of boring presenters with enormous PowerPoint decks, but modern security training is much more engaging – it has to be to be effective. Defense.com™ includes a series of online training videos covering key information your staff needs to know. With SME staff multi-role-ing and stretched thin, online video delivery gives a range of advantages:
When a cyber attack means lost revenue, ruined reputation and expensive recovery, making sure you’re doing the cyber security basics means you’re protecting your organisation’s ability to function. Follow these 4 simple steps and you’ll have laid a strong foundation for SME cyber security. The next step is to codify your security protection with Cyber Essentials certification – included for free in all Defense.com™ packages.