By Dror Liwer
Cyberattacks targeting small and medium-sized businesses are rapidly increasing in frequency and complexity, yet the vast majority of the security industry continues to do all but nothing to help companies of smaller size reduce risk. By making the strategic decision to chase the fortunes that only enterprise-sized deals can provide, the preeminent cybersecurity companies of our time must be held accountable when their failure to support the majority of businesses, small business, inevitably prompts economic turmoil.
Yes, ignoring small business is the right of any private vendor in a free-market society, but doing so is a curious decision considering the size of the current threat landscape and the millions of companies in need of security. In other words, there’s plenty of money to be made by serving companies without 50,000 employees. Nonetheless, because of the preeminent fortune over fame mindset, cybersecurity remains elusive, expensive and too complex for smaller companies to adopt with ubiquity.
Let’s be clear: the democratization of cybersecurity is one of the most important civic responsibilities of this technology era, yet actions suggest that the majority of companies at the pinnacle of the industry couldn’t care less.
Understanding the great security divide
As larger companies fortify their digital assets, attackers are increasingly turning their attention to the millions of vulnerable small and medium-sized businesses that the vast majority of cybersecurity solutions are not built for. A recent survey by Hiscox found that nearly half of all small businesses incurred a cyberattack in the previous year. Of those successfully attacked, roughly 60 percent went out of business within just six months.
For small businesses, it’s no longer enough to install anti-malware or rely exclusively on the basic security protections inherent to email clients and cloud apps. In fact, the world’s most popular cloud-email solutions, Office 365 and Gmail, are two of the most frequently attacked email providers in the world, despite built-in safeguards by Microsoft and Google. Once an attacker gains access to a person’s email credentials, they can rather seamlessly steal sensitive information, send illegitimate messages, spread malware and compromise the integrity of digital and even physical assets.
At the same time threats are increasing, small businesses are introducing new risks by expanding bring-your-own-device (BYOD) and remote access privileges. Even the smallest businesses now have information and digital footprints on Dropbox, Google Drive, Salesforce, Box and other servers around the world, empowering employees and owners to access work from anywhere and on any device.
But because of limitations in time, money and resources, smaller organizations are often forced to look to cybersecurity that doesn’t fit their needs. What’s worse, the smaller the business, the greater the consequences. The average cost of a data breach for a small company in 2017 was $117,000, according to a report by Kaspersky Labs, a devastating cost to any business of such a size.
The cloud makes security accessible and affordable – but not for small business
In theory, the cloud has made technology better, faster, cheaper and more accessible. As such, one would think that such convenience and simplicity would trickle down to cybersecurity, making it easier to distribute while empowering end users to run on-demand software virtually on any machine or network.
But such capabilities haven’t driven down costs akin to how SaaS has reduced expenses in other industries. Consider that when CRM tools like Salesforce and Pardot first came out, they were expensive, time-consuming to implement, and as such, available only to the largest companies. The onslaught of competitors that have since emerged now offer inexpensive options available to anyone, offering small businesses many of the same digital capabilities as Fortune 500s.
This democratization of technology has been occurring over the past decade in almost every industry but cybersecurity. Ironic, because if the SaaS business model has taught us anything, it’s that significant money can be earned when offering up services to smaller businesses. Cisco, are you listening?
Extending cybersecurity to the masses
According to a report by MarketsandMarkets, the cybersecurity marketplace is expected to grow 10 percent annually over the next five years. Throwing caution to the wind and acting solely on profit will only hinder the ability to reduce cybercrime.
Now is the time to democratize cybersecurity. As a global and highly-interconnected society, we can no longer push the resources and benefits exclusively to the strong and powerful while leaving the smaller companies vulnerable, with little regard for their safety. Nor can we continue to allow small businesses to purchase cybersecurity that does not meet their needs, or even worse, have them go without protection at all.
But let’s be real – everything from stakeholder pressure and competitive drive to financial greed and the motivation of power makes democratization unlikely in the short-term. What has thrived in other tech sectors is presently unattainable in cyber, and that’s a problem.
In the near future, small businesses will remain on their own, mostly forced to choose between no security, expensive security and security that doesn’t truly fit their risk profile. As such, until such time when the majority of solutions become available to the majority of businesses, companies must:
- Look to the cloud – Companies already do so with data, collaboration and productivity tools in the cloud – so don’t be afraid to look for cloud-based security tools. They are more affordable, simpler to use and require little to no maintenance.
- Work together – Cyber is not a technology problem. It’s a business problem. Find other SMBs in your community and join forces – in sharing knowledge, and even, in some cases, costs.
- Don’t be afraid of AI – The robots are coming, but in cybersecurity, that’s a very good thing. 99% of events can be addressed automatically, and very effectively.
Small businesses are looking for cybersecurity heroes – companies driven by mission as much as money. But until that time comes, millions of organizations will remain largely on their own, and in the midst of unprecedented cyber risk.
Dror Liwer is the founder and CISO of Coronet, a provider of data breach protection for businesses that use the cloud.