Latest News

SMBs: How to build a robust cybersecurity framework

Small and medium-sized businesses (SMBs) face significant challenges when it comes to implementing an effective and robust cybersecurity framework. These mostly come down to resources. Without the cash, revenues, and staffing levels that large corporations enjoy, the decision to make significant investments in security may require cutbacks in investments that directly support ongoing operations and growth.

On the other hand, SMBs are typically far more agile, flexible, and capable of rapid innovation and change than larger organizations. This means that once they design a cybersecurity framework that fits their needs—and doesn’t demand excessive resources—they can then implement it very quickly.

Here we’re going to discuss:

  • Why an effective cybersecurity framework is critical for SMBs
  • What critical components belong in an SMB cybersecurity framework
  • How SMBs can implement a comprehensive cybersecurity framework with limited resources

Ransomware: The SMB killer

The overall failure rate for SMBs is pretty staggering: Nearly 22% fail in their first year, about half fail within five years, and more than 65% have closed their doors by year ten. Entrepreneurs need to have a massive tolerance for risk even to consider starting a business.

With this in mind, did you know that 60% of small businesses shut down within 6 months of a successful cyberattack (of which ransomware is by far the most common type). But despite this, only 9% of small businesses have invested in cyber liability insurance. Recovering from a cyberattack is very costly, but fully 83% of small businesses are financially ill-prepared to do so.

Buying cyber-insurance is without doubt a difficult decision. To get reasonable coverage, insurers require that you institute a broad range of cybersecurity measures—each of which comes at a cost. Like a twenty-something declining health insurance in order to save a little money, SMBs are tempted to take their chances, at least “for now.” 

The difference is that accidents and diseases are not actively seeking out uninsured young people. Whereas cybercriminals are constantly on the hunt for businesses that have exploitable gaps in their security. A large enterprise may have more money to pay when it comes to ransoming critical data, but they also are likely to have formidable security measures in place. So the crooks content themselves with the smaller pay-outs they can get from the easier targets in the SMB space. 

In 2021, fully 82% of ransomware attacks targeted companies with fewer than 1,000 employees.

What it takes to be protected

To establish robust protection against ransomware, SMBs need to cover a lot of bases.

  1. Backup – 97% of ransomware attacks include attempts to compromise backup systems. That’s because having up-to-date backups that can be restored quickly and easily is the best way to ensure that you can recover from an attack with minimal disruption. Modern backup systems like Barracuda Backup and Cloud-to-Cloud Backup include robust capabilities to ensure that they can’t be identified and compromised by ransomware malware. If you’re using an older backup system, upgrading is one of the most important investments you can make.  
  2. User training – A large majority of breaches involve human error. It’s very important for SMBs to invest in training that helps employees recognize and report phishing emails and social-engineering attacks. Modern training systems such as Barracuda Security Awareness Training make it easy to use real-world phishing simulations and proven training materials to convert your user base into a robust line of defence rather than a vulnerable attack surface. 
  3. Email and web security – Traditional gateway email filtering is necessary for stopping emails carrying malware and known malicious links. But it’s inadequate to stop sophisticated phishing, account-takeover, and impersonation attacks.  That’s why growing numbers of your peers are recognizing the need to implement advanced email security solutions like Barracuda Email Protection that leverage AI and machine learning to spot and block even the most sophisticated and evasive email attacks. In addition, it’s key to employ strong web filtering capabilities, such as Barracuda Web Security, to block users’ access to known malicious sites, and to carefully customize allowed-lists and block-lists to enable access only to allowed sites and applications. 
  4. Network security – Use modern firewalls, such as Barracuda CloudGen Firewall, with robust intrusion detection and prevention capabilities to monitor network traffic and quickly identify intruders before they can penetrate critical systems and data. In addition, powerful new zero trust access-control architectures, such as what Barracuda CloudGen Access delivers, offer much better protection against unauthorized access than traditional MFA and VPN systems can. 
  5. Patch management – Unpatched software, operating systems, and firmware are cybercriminals’ best friend, and they know how to find them. Implement a plan to ensure that all systems are updated as soon as security patches are released.  Also, make sure that your own web applications are free of vulnerabilities. Using the free Barracuda Website Vulnerability Scan to identify vulnerabilities is a good first step to assess the scope of the problem. And a modern, easy-to-configure web application and API protection (WAAP) solution like Barracuda Application Protection can ensure continuous protection against a vast range of application-layer threats. 
  6. Incident response plan – Knowing exactly what to do in the event of a security incident is critical to responding quickly and effectively to limit the damage. It’s important to develop the plan with all relevant personnel involved and specific responsibilities clearly stated. And it’s just as important to regularly drill and practice your response to be ready for when something happens. 
     
    The faster you can respond, the less likely a data breach will be. Modern, automated incident-response capabilities like Barracuda Incident Response let you very quickly and easily find and eliminate malicious emails from all user inboxes, reducing response times from hours or days to just seconds or minutes.

One step at a time…

Complete the form below and type ‘Start the conversation’ into the message.

You have then started step one of your long-term security project! 


Other News

News by Category

News Archive