Dark Reading is part of the Informa Tech Division of Informa PLC



Marc Wilczek

3 SMB Cybersecurity Myths Debunked

Small and midsize businesses are better at cyber resilience than you might think.

Small and midsize businesses (SMBs) are the bedrock of most national economies. And being a small-business owner is a hard job, especially during economic downturns and crises like the current COVID-19 pandemic.

When the security industry looks at cybersecurity preparedness, it is often critical of SMBs. They are often portrayed as being lax or ignorant about security issues. However, Cisco's "Big Security in a Small Business World" report, based on a survey of approximately 500 SMBs (those with 250 to 499 employees), shows that SMBs are actually paying close attention to security and that their sometimes novel and entrepreneurial approaches are paying off.

Evidently, it's time to clear up some common misconceptions about SMBs and cybersecurity. Here are a few of the biggest whoppers.

No. 1: Only large organizations face public scrutiny.
Our first myth is that the media is only interested in the large-scale attacks and breaches that occasionally wreak havoc among governments and huge corporate entities, and that attacks on SMBs don't or won't generate headlines. However, last year, smaller organizations garnered roughly the same coverage as their larger counterparts. In the Cisco survey, approximately half (49%) of SMBs reported that they were subjected to public scrutiny after a security incident.

Similarly, in 2019, 59% of SMBs voluntarily reported their largest data breach last year, as did 62% of larger businesses. Obviously, smaller outfits are dedicated to preserving their relationships with their customers and partners.

Interestingly, a majority of smaller businesses said they get enquiries from the people they serve about how they handle their data: Seventy-four percent of SMBs and 73% of larger companies reported that customers or prospects ask these questions about the firm's approach to cybersecurity. In other words, customers care about their personal data, and they need to trust the companies in possession of it.

No. 2: After a cyberattack, big businesses have less downtime and recover faster.
A major security incident can result in massive disruption in any business, large or small. But if you're an SMB, the most important consideration is not the length of downtime per se, but rather how you can ensure your resources aren't completely maxed out. In this regard, automation might be just what you need. It can provide both early warnings of attacks and quick responses to them, which can help safeguard your business. Research indicates that SMBs and larger organizations experience roughly equivalent downtimes after cyberattacks. Specifically, last year, 24% of SMBs were hobbled for more than eight hours as a result of their most critical security breach. Thirty-one percent of larger organizations reported a similar downtime duration after a major incident.

Fortunately, the use of automation as a security weapon is catching on. The Cisco report concludes that, in order to simplify and accelerate threat detection and response, a respectable majority (77%) of organizations of all sizes plan to automate their security landscape over the next 12 months.

What attacks are these companies hoping to avert? Ransomware, the threat most likely to cause 24 hours or more of system downtime, topped the list. DDoS attacks were the third most destructive attack in terms of downtime, particularly for large organizations with 10,000 or more employees.

No. 3: SMB leaders are lax about security and data privacy.
For any business with a digital presence, it's obvious that solid, always-available IT systems are a key to revenue generation, company reputation, and brand value. It's just as clear that for security to be done right, leaders have to support it, whether the business has 50 or 50,000 employees under its roof.

And the data shows that, indeed, SMB executives are keenly aware of all this. In fact, 87% of SMB executives polled by Cisco agree that security is a high priority — only 3 points below their counterparts in larger businesses. More than 66% of respondents in 17 different industry verticals said their leaders considered security as a top priority.

Closing Notes
The verdict is in: SMBs are no laggards when it comes to cybersecurity, and in many respects are faring no better or worse at it than their far larger counterparts. The data shows that SMBs actively consider security during their strategic planning and in the running of their daily business.

But SMBs also face special challenges. Many feel a continual pressure to grow and are doing it by deploying ever-larger mobile and remote workforces. While this can help a company achieve its growth goals, it also opens it up to a universe of dangerous security threats.

That's why beefing up security with state-of-the-art cybersecurity technology can pay off. Last year, SMB respondents who only replaced or upgraded security technologies after they stopped working had to deal with 7.6 hours of downtime after their worst security breach. In comparison, companies that had up-to-date systems were offline for only 5.4 hours.

The lesson is clear: In terms of cybersecurity, automated security tools with built-in analytics — ones that can detect and mitigate even unknown threats — can help SMBs play with the big boys.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ...
