Small and medium enterprises (SMEs) are an extremely important part of the UK economy, accounting for three fifths of private sector employment and generating £2.2 trillion in revenue, just over half the UK total.
But these firms are under threat. SMEs operate under a constant and growing risk of cyber attack, with a study by the DCMS finding that 62 percent reported a security breach in the last 12 months.
Phishing and impersonation have continued to be the most prevalent attacks, but firms are also facing increased danger from other threats like ransomware.
Smaller firms are seen as low hanging fruit by cyber criminals because they will usually have much less access to security resources compared to larger corporations. Attackers know that these firms will be more likely to have security vulnerabilities such as missed patches and misconfigured clouds, and will also be less likely to be equipped to detect and stop incoming attacks.
These organisations are also under pressure to allocate their limited resources towards compliance, with privacy and security regulations like the GDPR hanging over them as a barometer of perceived security. Not only can non-compliance result in hefty fines, but compliance has become an increasingly important factor for large companies choosing suppliers and partners.
What are the biggest security challenges?
The DCMS report found that directors and other senior managers at smaller businesses were much less likely to be regularly given updates on security actions. But we find that it’s not that SMEs don’t care about cyber security, but rather it’s just one of many issues competing for their attention. Digital transformation efforts such as cloud migration are a major priority if firms are to stay competitive and grow.
This has become even more pressing in 2020 with the new demands on remote working. Indeed, the current economic upheaval means many firms are fighting hard to simply stay afloat and are even less likely to have the time and resources to focus on security.
The lack of available capital to invest into effective security solutions and personnel is perhaps the most obvious challenge for SMEs.
However, even when SMEs have invested in multiple security solutions, the result is likely to be fragmented and unwieldly. Each tool comes with its own management console and security controls, so IT managers must deal with a barrage of unconnected alerts from their tools for email security, behavioural analytics, malware detection, and any other solutions in place. It’s challenging to get a full view of the company’s cyber security status, and activity such as checking that a remote worker’s device is secure will mean diving into multiple different platforms and controls.
With so much disorganised noise being generated, IT teams will have a difficult time knowing where to focus their efforts and will find it challenging to effectively respond to vulnerabilities and threats. It also means that the company is spending a sizeable portion of its limited IT budget on security tools that are not being used effectively and offering their full value. And still there are likely to be security gaps they are not even aware of yet.
Rather than investing in yet more tools to try and plug these gaps, SMEs need to take a step back and start making the best of their existing security infrastructure. Uniting different security solutions under a single platform will help IT teams establish the full picture of their current security standing and biggest risks and priorities. From here, they can begin to realise better efficiency from their security suite’s capabilities, as well as ensuring future investments deliver maximum security and value.
Alongside reducing risk, this also makes it easier to ensure regulatory compliance. Firms will also be better placed to pursue certifications like Cyber Essentials to demonstrate to their customers and other stakeholders that they take security seriously.