Future of Work News

Size Doesn't Matter: SMBs Risk Everything without a Effective Cyber Security


It’s a dangerous misconception that smaller companies aren’t a target and, therefore, don’t need to focus on security. SMBs are ever more vulnerable to massive losses due to the rise in cybercrime.

“Just because a business is relatively small doesn’t mean it won’t be targeted by a rapidly growing number of sophisticated digital criminal rings,” says Scott Chasin, CTO at Pax8. “It is very important that we debunk the myth that SMBs are left alone because their business is simply too small to be worth the effort. This is not the case.”

Chasin joined Pax8 earlier this year and oversees a growing and expansive team of engineers, who manage research and development initiatives, and intellectual property for the company , as well as fully vetting security vendors on the company’s cloud marketplace. That marketplace now features more than 20 cybersecurity vendors.

“As attackers increasingly automate attacks, it’s easy for them to target hundreds, if not thousands of small businesses at one time,” Chasin said. “Automation, AI, and Machine Learning promise tremendous advances in the world of IT, but in this case, criminals are investing in lights-out systems that can crawl the web to find companies across every industry category and detect vulnerabilities with no human intervention, and that is frightening. Small businesses often have less stringent measures in place to protect their network, applications, employees, customers, and data, and no plan in place to respond to a surprise attack.”

Chasin is passionate about raising visibility around risks that can be catastrophic for a small or medium- size business.

“SMBs can be easier targets for hackers than bigger organizations, which is why the incidents we know about, the incidents that are tracked, are occurring at much higher growth rates than attacks on what one would assume are more lucrative targets,” Chasin explained.

Even the very smallest businesses can deal with large sums of money and have access to customer data, which, under regulations in the US, including very stringent privacy and security regulations in the state of California and in Europe GDPR, they are obligated to protect.

According to an IBM annual study, the financial consequences of a data breach can be particularly acute for small and mid-size businesses. In the study, companies with fewer than 500 employees suffered losses of more than $2.5 million on average.

“For SMBs, the relative risk is much higher, and their ability to recover much more difficult,” Chasin said. “Losing this amount of money can be devastating and even fatal to small businesses, including reputational risk.”

Phishing accounts for 90% of all breaches that organizations face; they’ve grown 65% over the last year and account for over $12 billion in business losses. Phishing attacks occur when an attacker pretends to be a trusted contact and entices a user to click a malicious link, download a malicious file, or give them access to sensitive information, account details, or credentials.

The biggest and widespread threats facing small businesses are phishing attacks, according to experts. Phishing accounts are responsible for around 32% of confirmed data breaches and 78% of all cybercrimes.

“Today’s phishing attacks are far more sophisticated and pervasive,” Chasin said. “They can happen when a hacker pretends to be a colleague, a partner, a friend, or even the CEO of the company and lures their targets – employees of the company – to click a malicious link, download a malicious file, or give them access to account details, credentials, payment information, customer information and more. The good news is there are solutions now that help warns or stop employees from clicking on malicious links – cloud-based, affordable solutions that can be put in place in minutes and report back on unusual activities.”

There has also been a rise in business email compromise, where criminals steal email account passwords from the highest-level executives, then tunnel into databases, enterprise applications, email systems, financial systems, and more.

“It makes sense to go straight to the top,” Chasin said, “because often the C-suite has the most privileges and even unfettered privileges, which can even include bank accounts.”

Other trending threats, according to Chasin, include malware (trojans, viruses, and malicious code), ransomware (encrypting company data so that it cannot be used or accessed, and then forcing the company to pay a ransom to unlock the data), and old-fashioned password management.

“SMBs are using more cloud-based services, which means more portals, more passwords, more people using their preferred collaboration and storage services, and more,” Chasin said. “Have you ever wondered what might be stored in Dropbox or Box? In Microsoft Teams, Slack, or hundreds of other cloud productivity platforms? It’s complicated, it’s risky, and only with the best solutions, from Multi-Factor Authentication to password change automation, to secure password generation, can every organization protect their assets and business.”

The work from anywhere world is only making security challenges harder.

“Without security solutions in place, SMBs cannot possibly effectively manage so many employees, accounts, devices, and applications,” he said. “The cloud is incredibly powerful, but especially given the mix of public clouds, private clouds, public Internet access, private VPN access, local WiFi routers which can also be compromised – the fact is that the investment in cloud and XaaS can turn into a nightmare if businesses do not establish and dynamically evolve their defenses. We are passionate about bringing the best, fully vetted, most efficient, and affordable cyber solutions to our MSP partners, who are better serving their customers as not just Managed Service Providers but Managed Security Service Providers, given the critical importance of keeping communications and computing infrastructure and assets safe. This is a huge part of our mission.”

Edited by Erik Linask

Future of Work Contributor

Related Articles

CBTS and Ribbon Simplify Legacy Telephony Services Transition

By: Greg Tavarez    12/5/2022

CBTS is leveraging Ribbon Connect to deploy Operator Connect Accelerator for Microsoft Teams, making Teams Calling simpler to deploy.


How to Ensure Employees Follow IT Security Rules

By: Tracey E. Schelmetic    12/1/2022

Many employees don't follow cyber security policies because they don't know about them, don't understand their value, and aren't part of the implement…


Cloudbrink Transforms Modern Work Environment with Hybrid Access as a Service

By: Greg Tavarez    11/28/2022

With Cloudbrink, businesses can truly embrace the new work-from-anywhere cloud-driven era without fear of poor network or application performance.


Box Enhances Zoom App, Adds Automatic Recording Storage

By: Stefania Viscusi    11/28/2022

Cloud storage provider Box has enhanced its Zoom integration to include automatic storage of recorded Zoom calls for users of both platforms.


Ring Central Partners with Charter Communications to Provide Expanded UCaaS Capabilities

By: Tracey E. Schelmetic    11/23/2022

Charter Communications has partnered with UCaaS provider RingCentral to launch two new offerings under its Spectrum brand.