Cyber Security

The protection of internet-connected systems, including hardware, software and data, from cyberattacks

The VIPRE Data Breach Kit: How SMBs can protect themselves

VIPRE Security Group announced the release of its Data Breach Kit. For too long cybersecurity experts and vendors have provided SMBs with general advice unsuited to their needs, when what they really need is a tailored, pragmatic approach to cybersecurity. This report provides SMBs with a targeted, comprehensive guide to data breaches, how they happen, and how SMBs can protect themselves.

The report covers:

  • How SMBs differ from larger businesses
  • How data breaches happen
  • What cybersecurity agencies suggest
  • How SMBs can prevent a data breach by addressing each breach pattern

We often overlook SMBs. But we shouldn’t; SMBs account for 90% of companies, 60-70% of employment, and 50% of GDP globally. As such, SMB security is vital to the normal functioning of global economies.

The past few years have seen more SMBs adopting digital transformation initiatives and remote-working models, significantly expanding their attack surfaces. As a result, they have suffered more cyberattacks. Moreover, the rise of cloud-based models and as-a-Service offerings means SMBs now have access to the same technology as larger organisations and face the same threats. However, SMBs typically lack larger organisations’ resources, meaning they must take a more targeted approach to cybersecurity, making the most of what they have.

Data breaches are a particularly severe threat to SMBs because they are less equipped to weather the financial impacts; a Hiscox report from 2021 found that the average cost of a cyberattack to the US was $25,612. In the grand scheme of things, this is a relatively low cost. But for a small business, it’s enough to significantly impact business continuity, force lay-offs, and even bring about insolvency. The time and money required to address the hidden costs of a data breach – such as rebuilding trust and paying regulatory fines – are often an existential threat to SMBs.

“Many SMBs operate under the assumption that they are ‘too small to be targeted,’ but that isn’t the case anymore. A huge number of SMBs use the same technologies as and are part of larger organisation’s supply chains, meaning they are just as at risk as the largest multinationals,” said Usman Choudhary, Chief Product and Technology Officer, VIPRE.

Most (74%) data breaches involve some element of human error. This intelligence is essential for SMBs, as remediating human error is one of the most cost-effective ways to prevent cybercrime. SMBs must impress upon their employees the importance of using unique, complex passwords, identifying possible malicious insiders, and ensuring security teams do everything they can to prevent security misconfigurations.

Similarly, the report examines some of the most common threats to SMBs, including system intrusion, basic web application attacks, social engineering, miscellaneous errors, and privilege misuse, to help them understand and mitigate them.

Fortunately for SMEs, many free resources are available to help them prevent data breaches. This report outlines a few of the most comprehensive SMB-focused guidelines from the UK’s National Cyber Security Centre (NCSC), the US’s Cybersecurity and Infrastructure Agency (CISA), the Australian Cybersecurity Centre (ACSC), and the European Union Agency for Cybersecurity (ENISA).

Because SMEs lack the vast resources of larger organisations, their security solutions must be easy to implement and designed to thwart general, non-targeted attacks. As such, SMBs should focus on breach patterns, placing obstacles on the pathway to data to slow down and prevent attackers from compromising it.

Finally, the report outlines how SMBs can take a flexible, layered approach to cybersecurity. By focusing on email security, awareness training, and endpoint detection and response (EDR), SMBs protect themselves from most threats, from the first stages of an attack to its culmination.

To read the full VIPRE Data Breach Kit, download the full report here.