Cisco to SMBs: 'Make sure your insurance covers cyberattacks'
Many SMBs are realizing they are exposed to similar threats as their enterprise peers. Often times, those realizations come after an attack. This year, we learned from the Cisco 2018 Security Capabilities Benchmark Study: More than half (54 percent) of all cyber-attacks result in financial damages of more than US$500,000 including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs. That amount is enough to put an unprepared small/midmarket business out of operation—permanently— a small businesses nightmare come true.
With this in mind—it’s critical that SMB and midmarket organizations take steps now, if they haven’t already, to safeguard themselves and their customers and partners from cyber-attacks.
More than half of midmarket companies have experienced a breach
Cisco unveiled its SMB Cybersecurity Report, which leverages data from 1,816 SMB respondents across 26 countries. The study provides an understanding of the risks smaller organizations face and how SMBs stack up against their peers with respect to security. The report also shares some guidance for these organizations to bear in mind in 2018 and beyond.
According to the report, 53 percent of the respondents experienced a breach. These data breaches often times have lasting financial impact on a company, including lost revenue, customers, and opportunities, as well as the expenses to clean up after the breach.
Other notable highlights from the report:
- 30 percent of midmarket companies said breaches cost them less than $100,000, while 20 percent said it cost $1,000,000 to $2,499,999.
- SMBs and midmarket organizations face fewer than 5000 security alerts a day.
- Midmarket companies investigate 55.6 percent of security alerts.
- Targeted attacks against employees such as phishing (79%), advanced persistent threats (77%), ransomware (77%), DDoS attacks (75%), and proliferation of BYOD (74%) are the top five security concerns for SMBs.
Maximizing Security Effectiveness
Companies are evaluating and investing in staffing and technologies to address the threats that keep them awake at night. If staffing resources were more available, midmarket companies would be more likely to invest in:
- upgrading their endpoint security to more sophisticated advanced malware protection/EDR – the most common response at 19 percent.
- better web application security against web attacks at 18 percent.
- deploying intrusion prevention, still seen as a vital technology to stop network attacks and exploit attempts at 17 percent.
Solutions using machine learning and automation are relied on slightly less heavily by midmarket businesses when compared to organizations with more than 1000 employees. SMB companies are looking for vendors to integrate machine learning and AI technologies into the detection layers of existing solutions vs. standing up stand-alone projects. Cisco is leading the way with machine learning algorithms at the core of its Encrypted Traffic Analytics technology.
SMBs are also considering the solutions needed to secure today’s work environment, including the continued influx of mobile devices on company networks and adoption of cloud services. Cloud services adoption has increased in recent years, from 55 percent of midmarket businesses hosting some of their networks on the cloud in 2014 to 70 percent in 2017, as companies seek to scale their resources and consider leveraging external security resources like Managed Security Service Providers.
Because SMBs and midmarket companies are not immune to the challenges created by the shortage of cybersecurity talent, they are finding ways to maximize their limited resources. More than half of these organizations rely on outsourced partners for advice and consulting services, incident response, and security monitoring.
So, What More Can SMBs Do?
Unfortunately, we’re nowhere near finding a magic bullet for cyber-attacks. However, organizations can take steps to transform their entire company into a “security aware” business. Arm your employees with the foundational knowledge required to help them avoid falling victim to campaigns directly targeting them. National Cyber Security Awareness Month in the U.S. and European Cyber Security Awareness Month begin next week and present a perfect opportunity to educate employees on the most prevalent attack vectors in your industry and what they can do to avoid them.
Beyond that, review your insurance policies to ensure they cover loss of business stemming from a cyber-attack, and ensure your crisis communication plans enable faster recovery and help prevent reputational damage.
Companies don’t have to recreate the wheel to establish an effective security program; they simply need to look around them, learn from others in the industry, and apply measures that will bring value in their own community.
A final recommendation for SMB’s to drive improvements in security is to recognize that incremental change is better than no change. In summary, they should not let a desire to find the perfect silver bullet get in the way of becoming incrementally better. Remember to keep security above everything.
Industry: Cyber Security News
- Healthcare Business Development Manager
- Up to £60,000 Base + UNCAPPED Earnings
Healthcare Business Development Manager We are currently working with a multi-vendor IT solutions provider who are looking for a Business Development Manager who will be responsible for selling into the Healthcare Industry in a new business focussed position. The Healthcare Business Development Manager will have Current/Recent experience working for an IT managed services business/solutions provider. Experience delivering £150,000+ GP a year Current/Recent experience winning new healthcare accounts (all accounts won are kept) Flexible working is provided and also uncapped earnings. Apply for more information or call Peter Georgiou on 02086634030. Unfortunately, our client are unable to provide sponsorship so candidates must be UK based (commutable to London). Ref PG7577
- Cyber Incident Response specialist
- Up to £75,000 Base
Cyber Incident Response specialist is needed to join a global consultancy whose cyber business unit are continuing to their investment in the growth of their team. The Cyber Incident Response specialist role is client-facing that will join an award-winning team that deliver varied, interesting and often challenging work to a wide range of prestigious clients. The Cyber Senior Incident Response MUST have current experience taking a client through the complete IR / triage process and have a blend of both technical and commercial (identifying and developing new business opportunities within a client) Proactive Incident response, forensics and Ediscovery experience is a MUST. An individual must be London commutable and happy to travel, often internationally. Key attributes should also include; stakeholder engagement, mentoring of team members, a collaborative working style. Technical experience must include; demonstrable experience within an cyber incident response, Forensic, cyber etc. Additional certifications could / should include GIAC certified (Intrusion analyst, incident handler, forensic handler) Any of the following are very desirable also CREST Certified Network Intrusion Analyst (CCNIA) CREST Certified Host Intrusion Analyst (CCHIA) CREST Certified Malware Reverse Engineer (CCMRE) CREST Practitioner Intrusion Analyst (CPIA) Career development and the opportunity to influence, apply today for more information or call Chris Holt on 07884666351 or 02086634030 or email email@example.com Unfortunately, our client are unable to provide sponsorship for this opportunity. Candidates must be UK based. Ref: CH7578
- Sales Engineer (Telecoms, Ethernet, SDH, MPLS, IP)
- Up to €75,000 + Commission
Sales Engineer / Presales Consultant is needed for this Global Tier 1 carrier. You will be working with Enterprise customers helping to design solutions that solve your their business needs. You will be responsible for working alongside sales providing presales technical consultancy around my client's solutions base. You will be responsible for providing support for new business opportunities in terms of responding to RFIs & RFPs, understanding customer network requirements, high-level network architecture & design (including supplier selection on a global basis) and technical handover to network implementation teams. This is a great opportunity to join a global player who are growing their France based teams. You will require a successful track record in the telecommunications arena ideally from a global tier 1 ISP or network provider, with a demonstrable track record in designing complex enterprise solutions. A Sales Engineer needs to be technically astute and has had experience in the design, presentation, and implementation of Wide Area Networks (WAN). They need to understand a range of Layer 1, 2, and 3 technologies (Ethernet, SDH, MPLS, IP, etc) and build a solution based on the best technology to meet a customer’s requirements. In addition, they should have an understanding and experience in supplementary telecommunications services such as VoIP, Video Conferencing, Cisco and Riverbed hardware, and Security If you have any questions about this role, give us a call on 0044208 663 4030 or contact/send your CV to firstname.lastname@example.org Ref: RA7275
- Partner Manager (Network and UCC Services)
- Up to €100,000 plus €60,000 OTE, car allowance and benefits
We are looking for an experienced Partner Manager / Channel Manager to work for a global service provider to sell their Global SIP and Network Services to Enterprises and corporates through the partner market. This is a hunter role, and looking for an experienced salesperson who has knowledge of selling to and through the SI, Cisco and Microsoft Resellers. You will be responsible for Own and formulate a Sales and execution plan to get to quarterly targets Generate Leads from the partners Work with the Partner salesperson to help close deals. Acquire new partners and Deliver Quarterly numbers through the partners Work with Partner Marketing to create and run joint Partner plans/events to drive sales You will need to have experience in selling at least one of these services, global SIP, UCC and SD-WAN into and through the channel of, European Sis, Cisco or Microsoft resellers. Hunters who can identify key decision-makers in the targeted accounts Should be credible for partner to trust the person with leads and opportunities Drive to work through leads to closure along with the partner salesperson Ref: RA7277