There is a worryingly common assumption among small- and medium-sized businesses that they aren’t at risk of cyberattacks due to their relative size. Of the 500 senior decision-makers surveyed in the 2019 SMB Cyberthreat Study, 66% said they believe that a cyberattack is unlikely to happen to them.
This is despite the fact that, this year, Verizon found that 43% of all cyberattacks targeted SMBs.
It doesn’t make sense for cyber criminals to waste time and effort attacking the well-defended fortresses of large businesses. When SMBs don’t have the same resources to secure themselves and buy into the misconception that they aren’t an attractive target, they leave themselves open to exploitation. It’s much easier to profit off vulnerabilities in the cybersecurity of smaller companies that don’t stay on top of their basic cyber hygiene.
So that’s what they do.
Good cybersecurity ultimately comes down to ensuring that a security-first culture is implemented across your business and that your essential tools and processes are effectively maintained. After human mistakes, the easiest vulnerabilities to exploit are those found in poorly maintained infrastructure.
Total visibility of your network is crucial to keeping your business secure. This means not only tracking all the hardware that accesses or stores your organisation’s data, but also monitoring the security tools installed on each device to ensure that they are all functioning at full capacity.
This gets increasingly difficult as your business grows and you have more staff using more hardware. BYOD culture and the popularity of remote working only further complicate things, with these convenient and often necessary measures creating additional layers of work for your cybersecurity.
But that only makes a real time inventory of your full IT infrastructure all the more valuable as a precaution. The more potential access points a cyber criminal has to your network, the more confident you need to be that they are all properly defended.
Despite this, a study carried out by HDI found that on average, only 76% of IT hardware is included in an inventory – see their breakdown in the table on the right. Some devices are left out due to general negligence and Hardware Asset Management (HAM) policies not being properly enforced. Others are purposefully not inventoried as some companies choose to only catalogue devices that are under warranty or won’t track those that are not worth a lot of money or aren’t believed to have sensitive information stored on them.
Given the vast connectivity of modern hardware, this is a huge mistake for any business to make and could have enormous consequences if one of the ignored or forgotten devices is compromised.
Your organisation’s data is only safe if every device handling it is protected. You can only protect those devices if you are aware that they are being used. You can only have full awareness of your physical network if you have a live inventory of it.
Manually monitoring this many devices to ensure that the software keeping your business secure is up to date and fully functional would be a full-time job in and of itself. But if you don’t have eyes on your network at all times, you might not notice a glaring hole in your cybersecurity until it is too late.
SMBs need automated systems that show, first and foremost, that the security tools on every device in your infrastructure are properly installed and working.
This is why ThreatAware has developed the Smart Inventory, a live directory of your entire digital infrastructure. It shows you the status of all your security tools on all your devices across your entire network in a single dashboard, so any gaps in your cybersecurity are clear at a glance.
Read more about the Smart Inventory.