Your Small Business Could Be in Big Trouble.
With digital resources now underpinning nearly all operations in businesses big and small, having an appropriate means of incident management and damage control has become more necessary than ever. For smaller businesses, however, the necessity for these safeguards is viewed ambiguously and, in many cases, these smaller players have been punished for complacency towards the issue.
In recent years, security information and event management programs (SIEMs) have become commonplace in order to cope with increased standards of compliance and cybersecurity across industries. With capabilities in data aggregation, event alerting and, in some cases, AI-supplemented forensic analysis, the derived data can be used to achieve greater visibility over more than just security. Investment in cyber insurance is also growing, with many insurers currently being able to cover an array of security concerns including interruption cost (cost of ceasing business operations due to threat), breach cost, ransomware/cyber extortion, asset replacement, and even forensic support.
Despite these advancements, SIEMs and forms of cyber-insurance are virtually non-existent in the world of SMEs for the simple reason that they are deemed unnecessary.
Only 20% of businesses surveyed by Barclaycard believe that cyber security is ‘a top business priority’. The belief that it would not be worthwhile to target an unknown brand is one most managers would be inclined to accept. If you’re in charge of ten seemingly competent employees who you have no reason to distrust and you are trying to scale your business while retaining a frugal edge, then investing in cybersecurity would seem wasteful. In a twist of tragic irony, reality does not mirror these expectations. In fact, the regulatory climate of certain industries that host big names, such as finance, has urged rigorous re-assessment of approaches towards compliance, log-keeping, and incident management. This in turn can lead malicious outsiders (as well as insiders) to favour much less difficult prey and, ultimately, small companies become more targeted.
While SMEs feel assured of their safety (despite heavy reliance on cloud services), the majority of them (roughly 70%) have reported a breach since the start of 2015. Considering that by 2015 the cost of an incident for SMEs could reach a high of £300,000 (three times the amount of the previous year), these statistics paint a troubling portrait. As businesses continue to reinvent themselves in the digital age, this cost will only increase. Let us not forget accidental disclosure, where the negligence of one employee or an overlooked weakness in the system can be exploited; the Moonpig incident in 2015, where a researcher stumbled on a software flaw that allowed the records of company clients to be accessed, could have been disastrous had the researcher not alerted the company upon discovery.
That is not to say that larger companies do not fall victim to breaches themselves. The damage caused by the Yahoo! data breach nearly two years ago is still being realised today. The difference is that larger companies tend to command resources and brand recognition which allow the mitigation of financial, operational and reputational damage caused by breaches, at least partially. Smaller companies are not as lucky and the damage to their brand can mean irreparable loss of clients or new business opportunities.
The compliance process, while necessary for larger businesses, can be very arduous. With everything that has to be done in terms of coordination and education, it can take months of optimisation to implement SIEMs. In this regard, SMEs find themselves at an advantage, as this process would be much less difficult and in many ways more beneficial. The information provided by SIEMs can help in the avoidance of costly and development-hindering breaches by helping businesses understand the likelihood of events, potential entry points for attacks, and the potential scale of damage.
Data collected by SIEMs can also help smaller businesses properly account for factors that contribute to their growth and development. Being able to generate inferences beyond security and determine correlations in employee activity as well as communication patterns makes today’s SIEMs incredibly useful for extracting valuable operational insights. These can vary from idiosyncrasies in employee behaviour to assessing levels of teamwork and engagement across departments. With the nuanced data such practices can provide, the potential for meaningful information on company activity is only limited by imagination.
Smaller businesses may not be convinced they require safeguards and in some very rare cases, they might be right. At the same time, it never hurts to be too careful, especially considering what is at stake for you, your employees and your customers. With cyber insurance, you could cover a lot of costs in the event of an incident but why not go that extra mile with SIEMs and understand how your network was compromised and which files were affected? You never know how the regulatory landscape in your sector could change. The future of compliance could make SIEMs a requirement in your industry soon. Why not take the opportunity to unlock the potential of your company’s data and derive some valuable insights today?
At StatusToday, we offer network security insights and much, much more with our sophisticated, AI-backed solution. Our intuitive data visualisation engine can shine a light on all aspects of your small-to-medium-sized business, from productivity and engagement to security and communication. Have a look at our demo today and understand just how far data can go in helping you drive greater success for your business.