It’s no secret that cyber criminals like to try out their latest tricks on big businesses, with high-profile enterprises falling foul of the criminals’ collective efforts at an alarming rate. It’s unlikely that a vicious cyber attack on a smaller enterprise will garner anywhere near the degree of publicity that follows on from the hacking of an international corporation.
Still, this doesn’t mean there aren’t consistent and successful attacks against small businesses on a daily basis.
Nearly one million SMEs suffered a cyber attack in the last year — which is no surprise considering that SMEs host customer data, IP, and other prized assets in exactly the same way as the enterprise.
Cyber crime companies: the twisted offspring of the lean startup model
It’s important to remember that, these days, cyber crime is an industry in and of itself.
The industry has arguably taken inspiration from SMEs themselves; although certainly despicable, nefarious cyber businesses have sprouted up, analogous in many ways to the startup world. Both have adapted to a highly pressurised and competitive environment by adopting a similarly lean and agile approach. Unfortunately, though, the criminal world has twisted the now-familiar lean business principles, renowned for giving SMEs an edge, and mutated them to create a contemporary criminal network that is, regrettably, highly effective.
As such, whether a business is large or small, if it holds something of value, it could be a target. Previously, sophisticated security defence technologies have traditionally been the reserve of big businesses with well-funded budgets, leaving smaller players exposed to threats.
However, given the technical challenges of running security systems around the clock, there is an opportunity for hosted and managed security services that relieve the skill and resource pressures faced by many organisations in the mid-market.
Proactive threat-hunting is key
Still, such offerings need to be robust and employ proactive measures, such as threat-hunting and more progressive machine-learning capabilities. In essence, SME offerings need the same capabilities as the highly skilled security operations found in well run large enterprises. This is where the benefits of cloud-hosted protection becomes most apparent.
In turn, this will move the needle for businesses of all sizes and budgets, as it affords customers the ability to purchase the expertise they require. This leaves their own teams to focus on incident response, incident handling, and other higher value activities where knowledge about the IT environment and business is needed. The grunt work is removed, as people don’t need to constantly look over the product for alerts; moreover, the company doesn’t become more at risk out of working hours.
At the end of the day, businesses can no longer afford to have staff distracted from their other, vital responsibilities. At the same time, it’s imperative that they bolster their detection and response capabilities. By adopting the combination of a managed and hosted service delivery and user entity behaviour analytics (UEBA), businesses can arm themselves with an ideal, cost-effective solution to this conundrum. What’s more, this technology is available within mere minutes of being deployed, so business leaders can act swiftly.
Sneaking up the supply chain
All of this is especially important, given the important roles played by many SMEs in the complex supply chains that power the economy. Cyber criminals target businesses not only because of their own corporate identity and data, but also because of which other businesses and key individuals they have access to.
Evidently, SMEs must be able to access economically viable cyber security protection, for an approach that’s both proactive and time-saving. Only by doing this can they save not only themselves from the perils of an attack, but also much bigger enterprises further up the chain — protecting a whole host of staff and consumers in the process.
When all’s said and done, technology should benefit everyone, rather than just those with big cyber budgets. Putting such powerful technology directly into the hands of businesses — regardless of size — means that every business can access a highly secure, easy to deploy, and economically friendly resolution. Ultimately, this is what all emerging enterprises deserve.
Dr Jamie Graves is founder and CEO of ZoneFox. He founded the company in Edinburgh in 2010 after being a fellow of Napier University and attending MIT.