Phish, WFH, and Resources - 2021's Top SMB Cybersecurity Threats

By: Dr. Jonny Milliken, Director of Security Research & SOC at Cygilant

2020 has been tough on small- and midsize enterprises. These organizations are used to stretching their budgets to fit their security and operational needs, but the pandemic added in a rapid shift to remote work that greatly complicated things. The good news is that 2021 will likely not be nearly as disruptive to SMBs' operations as 2020 (though I'll knock on wood just to be sure). This means that organizations can settle in and get back to basic security fundamentals to protect their people and infrastructure from sophisticated cyberattacks.

One of the biggest challenges many businesses will need to address in 2021 is their ongoing management of the cloud. Recent research shows that 87% of global IT decision makers agree that the COVID-19 pandemic accelerated their migration to the cloud. The speed in which businesses were forced to migrate and get employees acclimated to their new platforms and enterprise apps, however, presents an ongoing opportunity for cybercriminals. Outside of the reach of network detection, firewalls, and other corporate security technologies, employees can be sitting ducks for cyberattacks. While businesses can enforce remote security standards, including upgraded router security, to help prevent data breaches, their efforts would be better spent gaining visibility into their cloud infrastructure.

Cloud platforms offer significant operational benefits but one of their biggest drawbacks is a lack of transparency. To properly secure remote workers, it's critical that businesses gain a better understanding of normal user behavior to identify users engaging in risky behaviors as well as potential cybercriminal activity.

Phishing continues to be the most prevalent and most effective threat type against SMEs. This is especially true in 2020 as the Verizon Business 2020 Data Breach Investigations Report found that users are three times more likely to click on a phishing link and then enter their credentials than they were pre-COVID. Cybercriminals use phishing as a means to attack gaps in businesses' cloud security strategies. Major productivity platforms use a wide array of alerts and messages that may be unfamiliar to employees, therefore making them prone to clicking links or sharing credentials. Phishing has always been one of the top threats to SMEs, but 2021 will likely see cybercriminals ratchet up their efforts even further through greater personalization and customization, particularly for companies in highly regulated industries.

Finally, the biggest security trend that will impact SMEs is a lack of resources. A volatile market, highly competitive sales environment, and global unrest have made it difficult for organizations to stay in business. During times when revenues are down, many SMEs make the mistake of reducing their cybersecurity budget because they view it as an operating cost. This is a mistake. When positioned correctly, security is a sales enablement tool that demonstrates an organization's commitment to the safety of its clients' data.

Businesses that can't commit the time, money, and people to executing a sound cybersecurity strategy are increasingly outsourcing those responsibilities to a capable partner. However, cybersecurity can't be fully outsourced because businesses must work closely with their partner to align their people, processes, and technology with their desired security goals. Cybersecurity is continually evolving and requires consistent collaboration to ensure that disruptions to the business are minimized.

It sounds strange to say this but I'm (fairly) confident that the worst may be behind us. SMEs are used to getting more from less and 2021 will push that axiom to its limit. Organizations settling into their new cloud infrastructure can greatly improve their security posture by gaining transparency into their environment and adhering to basic security fundamentals. So even though the world has vastly changed, SMEs' security challenges haven't. In this day and age, better the devil you know than the devil you don't.

##

About the Author

Dr. Jonny Milliken is Director of Security Research and SOC for cyber security managed service provider Cygilant. He leads a department of dedicated security pros, all working around the clock to keep customers safe and repel the bad guys.