Cyberattacks pose a threat to all organizations large and small, but SMBs can be particularly vulnerable as they often lack the budget, resources and expertise to prevent and recover from a successful security breach. A new report from Intuit QuickBooks reveals the types of attacks that threaten SMBs.
The latest Small Business Insights report is based on a poll commissioned by Intuit QuickBooks in March 2022 that elicited feedback from 2,031 small business owners and decision makers in the U.S. The businesses included in the survey have up to 100 employees and more than $5,000 in annual revenue. Some 29% of them were brick-and-mortar operations, while the rest were omni-channel, multi-channel or primarily online businesses.
Asked about their current concerns, half of the respondents cited rising costs, while another half cited the economy. Supply chain problems were mentioned by 33%, cash flow by 29% and cybersecurity threats by 23%. Other issues included low consumer demand, lack of funding, skills shortages, low-price competitors and employee retention.
Focusing on the threat of cyberattacks, 42% of those surveyed revealed that they’ve experienced a cybersecurity breach. Malware was cited by 18% as the most common type of security threat, followed by phishing among 17% and data breaches among 16%. Website hacking was mentioned by 15%, DDoS attacks by 12% and ransomware by 10%.
There are several reasons why SMBs are a tempting and vulnerable target for cybercriminals.
“SMBs will continually be a target of opportunity, and we will continue to see threat actors focusing on service providers who provide managed services for small businesses, since they can hit one to impact many,” said John Hellickson, field CISO at cybersecurity advisory firm Coalfire.
Further, SMBs often turn to free and built-in security tools that come with existing products rather than invest in dedicated security technologies, according to Joseph Carson, chief security scientist at privileged access management provider Delinea. This is because resources are limited, so they lack the time to focus on security. As such, they count on being lucky to avoid becoming the victim of a cyberattack, Carson said.
How to defend your SMB
To help SMBs bolster their cybersecurity defenses, here are several pieces of advice:
Invest in leading end-point detection and response tools, suggested Hellickson. Much more advanced than standard antivirus products, these tools should be installed on all employee computers and company servers. Hellickson also recommended that SMBs review the free guidance from the FCC and the US Chamber of Commerce.
Look into strong identity and access management tools, advised Carson. These products not only defend your business from unauthorized access but can help you better scale as you grow. Investing in security up front is always a better strategy than trying to recover from a cybersecurity incident.
Use hardware security keys, recommended Mohit Tiwari, co-founder and CEO at security firm Symmetry Systems. Using these physical keys is a good start toward combating cyberattacks that try to exploit compromised passwords. Another action item is to identify your most important assets, such as customer information, and review the permissions and access to it.
Make use of multi-factor authentication, advised Isabelle Dumont, VP of market engagement at cyber risk firm Cowbell Cyber. MFA is a must for all administrative accounts and for email. For cloud-based services, setting up MFA is a free process that shouldn’t take long. Further, an incomplete picture of the organization’s IT footprint can lead to blind spots, so it’s important to inventory all your assets to know what needs to be protected and how.