Improve Cyber Security for Small to Midsize Businesses (SMBs)
Recently, new reports including mentions of ways to improve cyber security for SMB (small and midsized Business) have been released from Gartner, Verizon, Thales, Accenture, and others for 2019. Included in these is a plethora of knowledge directly related information on small to midsized businesses. One statement from the Gartner report stated, “Through 2022, 80% of organizations (up from 30% in 2018) will undergo some change in their security organization structure as a direct result of digitalization (Gartner, 2019).” Let that sink in for a moment, if you ask around rest assured your organization is already performing some type of digitalization or will be doing so sooner than imagined if not.
The time is now to do your research, SMBs have options for protection but a vCISO (virtual Chief Information Security Officer) Program is the safest option for organizations new to this concept. It has many benefits, such as they’re Independence from current organizational politics, more cost effective than staffing an IT team, they provide expert guidance, and offer stable option for role continuity.
A “perfect” cyber security solution for all does not exist. The reason is that every organization has different requirements to make a certain model appealing to them. Not to mention, there is currently a shortage of employees capable of successfully filling a security role of this magnitude and if they are capable, it’s hard to keep them around (other companies will offer them jobs). More and more organizations are opting for a vCISO strategy that is flexible enough to meet their budget and strong enough to cover their security needs.
Why Are SMBs More Vulnerable Than Before?
SMBs assume that they are unlikely to be the victim of a cyber-attack. The current statistics and trends begin to prove this assumption incorrect. According to the Verizon DBIR, 761 data security breaches were analyzed, and 556/761 attacks were on SMBs with fewer than 1,000 employees. Additionally, 436 incidents targeted companies with 11 to 100 employees. One-Half of the breaches examined in the DBIR utilized some form of hacking, and the other half incorporated malware (2019). SMBs are now the prime target for attack instead of defense contractors and Large enterprises.
The problem is a lack of defenses within a SMBs network infrastructure. Often, the best choice is to do what other companies like yours are doing, if not more or else you will become the weakest link. An article from TechTarget stated, “In the current threat landscape, attackers simply jiggle a lot of cyber doorknobs, find out who’s left their “house” unlocked, and set about helping themselves to whatever they want: financial data, private emails, customer account information and other goodies (TechTarget, 2019).”
For example, a home is vulnerable to a burglary if there are no cameras or security systems. A SMB without the proper security is a quick target for attack and the costs are high if your data cannot be recovered. Often, organizations get lucky, “around When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99% of the money recovered or frozen; and only 9% had nothing recovered (Verizon, 2019).” What can SMBs do to reduce this threat? The answer is simple, just make a few improvements to your organization’s security program, if done correctly it will save time, reduce risk, and out weight the cost of a breach significantly.
The Truth About Cyber Security For SMBs
Most SMB only have one or two team members with security roles trying to service 30 – 100 employees. This can cause issues when they get caught up in day-to-day support concerns, they will have no time to focus on proper security. Such as logging and monitoring, conducting annual security assessments, implementing affecting backup solution, develop policies, and perform other functions of security. That is where a vCISO fits in, to fill the gaps in your current security program while allowing your operations to remain lightweight.
Verizon DBIR stated, 94% of detected malware is discovered with a delivery method of email and 48% of cyber-attacks target small business (2019). Which means you as an organization must implement at a minimum email security, network & endpoint security, and security awareness training. This can all be done affordable with a vCISO. Another good report from Infocyte stated, “Some 72% of inspected SMB networks found riskware and unwanted applications in their environment that took longer than 90 days to remove.” Also, “Average attack dwell time—the time between an attack penetrating a network’s defenses and being discovered—ranged from 43 to 895 days for SMBs, the report found (TechRepublic, 2019).” This is another glaring reason why SMBs need to start taking a smarter approach to security.
Protect Your SMB With Cyber Security Services
Improving cybersecurity for your SMB can be as simple as enlisting a vCISO from a cyber security consulting firm. Immediately, they will help develop a solution that prevents advanced threats and risks. An organizations security structure will depend on multiple factors such as risk appetite, industry, maturity of the existing program, corporate culture, desired level of segmentation, and other things. It can be difficult to manage with a small staff and most SMBs do not have the financial ability to in-house a full cyber security team. That’s why you can supplement the gaps with a vCISO and if you’re not convinced yet here are some additional benefits our vCISO Program at Praetorian Secure™ offers and a list of what is included* in the program.
vCISO Program – Benefits
- Scalability of security operations
- Financially appealing compared to in-housing
- maintain operations without any hiccups (no employee turn-over)
- Get expertise without paying high salary of CISO
- Independent from existing structure (not easily influenced whereas internal CISO could be)
- Clear & strategic security planning
- Proven methodologies
- Cyber Expert on-demand
Services Included – vCISO Program – Standard Package
- End-point Protection
- Log Management
- Network Device Review Configuration
- Physical & Environmental Security Assessment
- Security Awareness Training
- Vulnerability management
- Bronze Level Support
Support Package Levels
- Bronze – Response time within 24 hours (basic package included with vCISO Bundle)
- Silver – Response time = 12 hours or less
- Gold – Response time = 6 hours or less
- Platinum – We Respond within 1 hours or less
Amy Rogers Nazarov, A. (2011, October). Cybersecurity threats target lack of SMB security – Information Security Magazine. Retrieved from
Rayome, A. D. (2019, July 11). Cybersecurity: Malware lingers in SMBs for an average of 800 days before discovery. Retrieved from
Verizon. (2019). 2019 Data Breach Investigations Report [PDF file]. Retrieved from