Risk 3: Security is Insecure
We’re working our way through the series, The Cloud Wave: An SMB Imperative, where we’ve highlighted five areas of your operation at risk if you maintain the status quo. We encourage you to check out the first and second posts in the series. The third risk in maintaining the status quo surrounds cybersecurity, and it could be the most pressing single risk yet. For most small and mid-sized businesses (SMBs), their security is, well, insecure. The risk of inaction is real, and potentially devastating. The good news is, it’s a risk they can mitigate.
Why is cybersecurity a heightened risk for SMBs — and how can cloud hosting minimize the risk?
Size doesn’t matter
Some small and midsized companies have a false sense of security that they won’t be the target of a ransomware attack because they are smaller. In reality, perpetrators love to attack small businesses — they comprise between one-half and three-quarters of the ransomware victims. A 2020 SMB cybersecurity report from Connectwise found that 55% of SMBs have experienced a cyberattack. SMBs who fail to take the risk seriously, and take proactive action to secure their technology infrastructure, are risking everything. Some 60% of small businesses that experience a cyberattack are closed within six months.
The onslaught is real
There’s a new ransomware attack every eight minutes. More than 30,000 websites are attacked each day. And it’s not just the frequency that’s increasing. The attacks are becoming more sophisticated too. For example, the US Treasury Department identified 68 separate ransomware variants in 2021.
The list of scary metrics surrounding cybersecurity goes on and staying out in front on this security minefield requires more resources than most SMBs have internally.
Cybersecurity insurance coverage is hard to get
Cybersecurity insurance offers a measure of protection for SBMs, but it’s getting harder to buy. High demand in combination with high payouts leads to increased premiums. Businesses report premium hikes of 50% and even 100% year over year.
Naturally, insurance companies want to mitigate risks by recommending — or even mandating — that their insured take the proper precautions to protect against loss. The newest and most significant of those mandates is the requirement for Multi-Factor Authentication (MFA). Other requirements may include a current and tested incident response plan, an updated patch management program, air-gapped and encrypted backups, and employee awareness and phishing simulations, among others — all making it difficult for SMBs to secure and retain coverage.
The security army is shy on soldiers
The challenging employment climate, including the Great Resignation, has hit the IT industry particularly hard. Some reports have suggested a third of tech workers plan to quit in the next 12 months — others claim as many as three-quarters. On average, cybersecurity roles take 21% longer to fill than other IT jobs. Combine that with a significant uptick in demand for IT workers. It all adds up to an unprecedented zero-percent unemployment rate!
There are simply not enough qualified workers to provide SMBs the protection they need. A 2021 Cybersecurity Workforce Study suggests the global cybersecurity workforce would need to grow 65% to effectively defend organizations’ critical assets.
Remote work compounds the risk
Companies are worried about the security habits of their remote workforce – and rightly so.
More than a third of remote workers admitted to picking up bad cybersecurity practices and using security workarounds while working at home. These practices expose SMBs to additional security risks, such as email phishing schemes, which have accelerated during the pandemic. Other risks associated with remote work are remote desktop protocol (RDP) breaches. During Q1 of 2021, RDP breaches were responsible for the most ransomware attacks — despite reliable tools for securing RDP access.
Cloud – a safe port in the storm
More sophisticated and more frequent attacks combined with new mandates, fewer qualified IT personnel, and lax security practices create the perfect storm for SMBs. In our experience, SMBs have a very clear awareness of their security risks, but many lack the necessary internal resources to fully combat those risks. Even organizations with robust in-house IT departments are pressed to have the necessary resources to remain out in front of the essential security tasks and protocols.
Cloud Services Provider (CSPs) like Cloud at Work host your business applications in state-of-the-art data centers where redundancy, security, and availability are maintained at the highest level. Our data centers, for example, are geo diverse, provide 24/7 support and monitoring, perform hourly snapshots and daily backups (stored on separate networks), and offer disaster recovery time guarantees. Moving business applications to a hosted cloud model can help mitigate risk. Cloud computing is one of the best things to happen for SMBs — a safe port in the storm.