Cybersecurity continues to be a real problem for small to mid-sized (SMB) companies because they honestly believe it will not happen to them. To make matters worse, in a recent article by Dark Reading, 51% of SMB leaders are convinced their companies are not a target for cybercrime. You can read the article here. With the large number of security incidents we respond to within the SMB community, it is very surprising and discouraging businesses continue to ignore cyber threats.
Small to Mid-Sized Companies Do Not Act Until AFTER They Have Incurred Multiple Cyber Incidents
Unfortunately, what we find is that companies take preventative action only after they have been hit multiple times. You read that last line correctly. We see companies have an incident, incur very large unplanned expenses to deal with it, and continue to 'do nothing' until they are hit again and again. I have to believe this is primarily due to the lack of understanding of the real risk of cyber threats at a business level, coupled with it being a blind spot in business management - I don't know what I don't know.
The Security Industry is Partly to Blame
The cybersecurity industry is partly to blame for the lack of understanding and visibility in the business community because, as an industry, cybersecurity continues to communicate in very technical jargon and terms business owners and management simply cannot understand and do not have time to try and figure out. This creates a disconnect between the business and the very solutions available to proactively address mitigating the risk related to cyber attacks.
If business owners were armed with information showing what is actually occurring within their business on a regular basis, communicated in terms they can understand, not only would they enable the experts to help remediate issues proactively, they would have detailed information on employee behavior and actual traffic moving in and out of the business. Security reports provide extremely valuable and powerful information which can be used not only to thwart cyber threats, but also create and enforce general company policies on how business assets are being used.
You can see sample report showing one month of actual data obtained from proactively deploying and monitoring security here Security Report
I believe if business owners could SEE what is actually happening, they would be much more likely to address the very real cyber threat risk. At a minimum, they would have to decide to do nothing knowing bad things really are happening.