Real work, real risk
Welcome to real world working. Where your teams can be here, there, and anywhere they want to be. But also – and critically – where new cybersecurity threats exist.
Today, work for many small and medium-sized enterprises (SMEs) means managing multiple networks, devices, and risk types. But how confident are you in your business’ ability to avert a cyberattack? To get a clearer picture, Sharp conducted research with 5,770 SME IT decision makers in 11 European countries, across a variety of sectors including education, healthcare, construction, legal and marketing.
Having already made the shift to online systems, to hybrid models and to apps that make tasks more efficient, our research shows the majority of SMEs feel that they are well prepared. However, at the same time, IT security confidence is lacking. And to add to the tension, a large percentage of SMEs aren't set to increase their IT security budget despite the growing risk.
This misalignment between preparation and threat level is creating the perfect opportunity for cybercriminals to strike.
Understanding the threats
In reality, no matter the industry, service offering or business type, IT security vulnerabilities are a real, widespread part of the digitally transformed world. It’s great being able to work from a mobile, stay easily connected to team members at all times, or speed up tasks with automated workflows and artificial intelligence. However, more devices and services connected through the internet means more ways for a business to be targeted.
From an operational perspective, cloud computing (information that’s stored online) has made data easier to manage for all sorts of businesses and organisations. Health records can be viewed at the touch of a button, exam results are filtered through apps, worksite surveys are conducted digitally. But at the same time, this means that such data has become increasingly accessible to others in the cloud and across the apps you use. Businesses today must take steps to ensure no bad actors (cybercriminals) can access the network, staff are fully aware of potential threats, and there’s a plan in place if an attack does happen.
And to add fuel to the fire, many might not be aware of the types of attacks they are at risk of – or their severity. Afterall, how many employees truly understand the meaning of terms like malware, ransomware, or phishing?
Preparation vs. confidence
Cybercrime statistics show that attacks are growing exponentially. Keeping up with the types of risks out there can be difficult, particularly as the tactics of cybercriminals are becoming increasingly sophisticated. A smaller business can fall victim to attack if there are any holes in its digital defence. From a weak device password to data that isn’t encrypted (scrambled into code), even the slightest crack can be all a hacker needs.
Sharp research shows that 82% of small businesses in the UK feel well prepared to deal with IT security threats. That’s good news, at first glance – but strangely, almost the same amount (61%) say they lack confidence in their business' ability to deal with IT security risks. And despite the growing risk, only 40% have increased IT security training since hybrid models were introduced, even though the very nature of hybrid involves staff members in multiple locations, potentially on separate (and sometimes unsecured) networks.
Are you prepared?
Based on what the research shows, does your business’ digital defence align with the rising threat? And if you are feeling prepared, are your cyber security strategies evolving fast enough to allow you to confidently tackle different types of risk?
What does the research show?
Let’s take closer a look at what we found out from the UK SMEs we questioned.
Security threats have evolved beyond the rogue spam email or workers accidentally inputting their password into a dodgy web page. However, these threats still remain, and as 31% of SMEs have been impacted by a phishing attack and 30% by malware, your digitally connected workforce might not be as aware of potential risks as they think.
For smaller businesses that lack a dedicated IT department, an essential component of their security is ensuring the whole team is ‘cyber-savvy’, with the right cybersecurity information. This includes everyone from delivery drivers to on-site workers, and even the exec working from a café’s public network..
Research shows that 77% of SMEs feel enough budget is being put into IT security. Given that a quarter admit to being breached, and many are lacking crucial components of a robust security defence, this sentiment might be slightly misplaced. The damaging implications of an attack – reputationally, financially and from a customer loyalty standpoint – shouldn’t be overlooked.
Only 41% are increasing their security budget this year – likely a sign of the economic times. However, it’s worth remembering that investing in a cybersecurity management solution doesn’t always mean spending more money; it could be a case of reprioritising where the existing money goes. The right solution will provide the full protection your business needs, without breaking the bank.
Today, threats are coming from all angles, in places a business might not have on its radar. Despite nearly 79% of SMEs feeling employees have adequate security training, security soft spots still remain: almost one fifth (16%) were impacted by a security breach from their office printer. An unlikely threat, many might not consider that hackers could infiltrate their company’s system from the machine designed to print, scan and share documents.
This is a particularly striking example of how an SME may not be effectively prepared for an attack. Despite a fifth having been impacted, only 3% are worried about this particular threat.
From prepared to confident and truly risk-ready
Before any SME can be fully prepared for a cyberattack, it must rationalise its levels of confidence, knowledge, and investment in security. Cybersecurity risks are high – if an attack does happen, a strategic, broader approach needs to be prioritised in order to mitigate its impact. This means covering all bases, from staff training to continuous, round-the-clock monitoring of the network and systems.
Discover more ways to stay protected
Explore the Real World Security hub for more content about real security risks for SMEs today.