SMEs: how to move from naivety to cyber resilience

Sophos Pty Ltd

Monday, 10 October, 2022



Ransomware attacks continue to grow in prevalence, with Sophos research showing 66% of Australian businesses hit in the last year, up from 37% in 2020. However, it is not only the volume of ransomware attacks that is increasing, but also the complexity and strategy behind each attack.

Attacks are becoming more targeted and efficient, with small and medium-sized enterprises (SMEs) under attack more than ever. SMEs’ naivety about the importance of cybersecurity (90% of SME leaders believe they could do more to prepare) makes them easy prey for cybercriminals. For SMEs to protect themselves from rising threats, they need to change their perspective on the level of risk cyber threats pose to their businesses and implement the right cybersecurity measures to avoid breaches and the resulting fallout.

Ransomware — a narrowing of focus and increase in success

As ransomware threats continue to evolve, organisations must keep in step and upgrade their cybersecurity. Most cybercriminals are using sophisticated and well-thought-out strategies, instead of the spray-and-pray tactics of the past. Last year, 65% of attacks succeeded in encrypting data, up from 54% in 2020. Ransomware attackers seek out easy wins rather than chasing individual big pay-days, seeing this as a more sustainable ‘business model’ that makes it easier to fly under the radar. This, coupled with SMEs not having robust solutions (like those seen in larger enterprises), makes SMEs more vulnerable to increasing attacks. The lack of cybersecurity practices amongst SMEs can predominantly be pinned on two reasons: not enough budget to invest in solutions and, worryingly, a naïve approach to cybersecurity.

SMEs — low-hanging fruit

There is a common belief amongst SMEs that because of their size, they’re safe from ransomware attacks. Because their businesses are smaller, SME owners spin many plates across a variety of job functions within their organisation. Therefore, cybersecurity can easily slip down the list of endless priorities.

The lack of proactive cybersecurity practices means ransomware and other threats easily go unnoticed once they breach an SME’s system. In fact, Sophos found it takes a business with fewer than 250 employees seven weeks, on average, to notice a threat has breached its networks. It is vital that SMEs shift their mindset from the narrative “we won’t be breached due to our size” to “every company is a target” and re-evaluate their investment in cybersecurity solutions.

Using an SME-tailored strategy

Unfortunately, SMEs don’t have the luxury that many larger organisations have to invest heavily in cybersecurity technology, teams and solutions. Therefore, they need to be strategic in their approach to cybersecurity. There are three key steps SMEs must take to do this:

  • Invest in the right solution: Choose a solution that not only focuses on protection and prevention, but also detection and recovery. It is vital for businesses of all sizes to have a cybersecurity solution that can quickly identify breaches and reduce downtime.
  • Prioritise education and knowledge: Many Australians don’t know how to identify suspicious activity online, how to avoid scams, or where and how to report attempted breaches. By increasing cybersecurity awareness amongst all employees, SMEs can improve vigilance and resilience and better protect themselves.
  • Switch the mentality: SMEs need to ensure they are allocating enough budget and resources towards cybersecurity to back up data, scan for vulnerabilities and improve cybersecurity strategy and processes.
     

As the threat of ransomware continues to grow, SMEs that continue to believe they will never be attacked may find themselves in hot water and unable to recover from an attack. To avoid this, SMEs should review their perception of and strategy around cybersecurity to ensure they are adequately prepared to protect their business. It’s also okay to ask for help. Businesses that don’t have the resources to manage their security in-house can look to procure cybersecurity-as-a-service from a cyber expert that provides 24/7 protection on their behalf.
