Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cybersecurity News

Small and Mid-Size Businesses Need to Focus on Cybersecurity

By Mathieu Chevalier
small-cyber-enews
July 5, 2018

There seems to be a constant supply of news stories involving high-profile, high-impact criminal cyber activity. More often than not, the data breaches that we hear about occur at large businesses or global organizations. This leads many people to think that it’s only those big companies who are at risk of being attacked. They incorrectly assume that today’s cybercriminal is always looking for a giant financial payout or a huge cache of personal data. But the reality is that small and mid-size businesses (SMB) are actually at greater risk.

In their 2018 Data Breach Investigations Report, Verizon found that 58% of all cyberattacks target small businesses. While it is true that the ultimate reward might not be as high as from a multinational organization, cybercriminals go after SMBs because they are easier to penetrate.

Gaining access to a multinational organization can be difficult. Larger organizations have the budget and the obvious need to protect their networks. When you collect personal data from around the globe or generate billions in revenue, you dedicate time and resources to protecting yourself. SMBs, on the other hand, don’t always focus on cybersecurity the way they should. And this is what cybercriminals are counting on.

 

Why Are Small and Mid-Size Businesses at Risk?

Regardless of the size of your business, cybercriminals who want to access your network will take advantage of any vulnerable attack surface. A single unprotected or improperly secured edge device can be all they need to access an entire system.

According to the Verizon Report, cyberattacks can occur in several different ways. 48% of last year’s breaches featured hacking while 30% included malware. Other less prevalent but still dangerous methods of attack were social attacks, privilege misuse or physical breaches.

A comprehensive approach to security is crucial for keeping cybercriminals at bay. Unfortunately, when it comes to the cybersecurity of physical security systems, many smaller organizations have a relatively haphazard approach. They roll out disparate solutions for access control and video surveillance which puts them at greater risk. And, as they grow or evolve, they add new cameras or technology as and when they can find the resources rather than developing a strategic plan to upgrade their system as a whole. This means that they may not be aware of potential points of attack on their evolving physical security network.

In addition, SMBs don’t always have a clear cybersecurity strategy that they communicate to every member of their team. The Verizon Report states that nearly one-fifth of system breaches occur because of human error. This can happen when an employee clicks on the wrong link or doesn’t adequately secure a device. Like any organization, an SMB can mitigate these errors through training and organization-wide awareness.

This takes a commitment from senior executives as well as an understanding of what is actually at risk. Unfortunately, SMBs tend to think that, because they aren’t dealing in billions of dollars, cybercriminals won’t bother attacking their networks. While they may believe they have less to lose to a cyberattack than these organizations, they are actually at a greater risk that their business might not survive the fallout or clean-up.

 

The Impact of a Data Breach on SMBs

When a multinational or global company is attacked, the cost can be astronomical whereas, according to the Ponemon Institute, the average cost for small businesses to clean up after being hacked is about $690,000 and, for middle market companies, it is over $1 million.

To an outsider, this may seem less significant in comparison with the high-profile cases that make it to the top of the news cycle, but these costs represent a huge financial burden for an SMB. In fact, according to the U.S. National Cyber Security Alliance, 60% of small companies are unable to sustain their business more than six months following a cyberattack. They frequently just don’t have the resources.

And, in addition to clean-up and containment costs, SMBs who collect personally identifiable information (PII) in Europe are now also going to have to deal with potential fines that arise from the European Union’s General Data Protection Regulation (GDPR). The regulation includes mandatory breach reporting rules that stipulate an organization must report a breach within 72 hours of detection.

The penalties for non-compliance are steep with fines of up to 20 million Euros or 4% of global annual turnover – whichever is higher. When you think of a small business not being able to survive a breach that costs under a million dollars to clean up, you can imagine what the outcome of such a heavy fine would be. Clearly, SMBs need to put the work in now to protect their networks and their budgets for the future. But how do can they do this without breaking the bank?

 

How Can SMBs Protect Their Networks?

As with any organization, an SMB can protect itself by deploying solutions that are developed with cybersecurity in mind. This means the systems they use should include ways to encrypt data, authenticate users and authorize access.

Encrypting data helps SMBs protect the private and sensitive information on their network and enhance the security of communication between client and servers. When data is encrypted, even if an unauthorized person or entity gains access to it, it is not readable without the appropriate key. The question then becomes how to control access to those encryption keys. The answer is through authentication.

Authentication comes in different forms. Client-side authentication includes username/password combinations, tokens and other techniques while server-side authentication uses certificates to identify trusted third parties. These allow SMBs to first determine if an entity – user, server or client app – is who it claims to be, and then verify if and how that entity should access a system, including the ability to decipher encrypted data.

However, while encryption and authentication are great tools for protecting data, they cannot stop unauthorized access to a network. The Verizon Report also states that more than 25% of network attacks involve people inside an organization. As a result, in addition to protecting access through authentication mechanisms, SMBs also need to use authorization to control who sees sensitive data and what they can do with it.

When authorization capabilities are built into security solutions, they allow administrators to restrict the scope of activity within their systems by giving specific access rights to groups or individuals for resources, data, or applications. By defining privileges, administrators can fine tune the level of access granted to each individual. This allows administrators to strike a balance between providing individuals with the access rights necessary to do their jobs efficiently and ensuring that they mitigate the risks associated with a potential data breach. This not only increases the security of the physical system as a whole, but it also enhances the security of other systems connected to it.

 

Return on Improvement

Prevention and detection are the best ways to avoid the costs associated with a system breach, including clean-up, loss of data and potential fines. By hardening your network against criminal cyber activity, you improve the security of your data and increase your resilience against cyberattacks.

At the same time, you should also be monitoring your systems for common indicators of a compromise. These can include unusual login times, reduced operating speeds across the network, errors in application and system event logs, new devices on the network, new users with admin privileges, unusual event log entries in the security log, or workstations with very high traffic.

Detection is increasingly important when it comes to mitigating the damage caused by a breach. The Verizon Report states that 68% of breaches took months or longer to discover. Having best practices in place to detect a breach as quickly as possible helps to reduce its overall impact and can make recovery that much easier. In the event of a data breach, you should also be prepared to respond quickly and effectively.

Overall, the challenge of securing SMB systems might be easier than for large businesses. SMBs tend to have a better picture of all their assets and a more direct way of communicating a new cybersecurity strategy to their teams. And their return on improvement is significant.

If you want to find out more, check out the Genetec trust center for cybersecurity insights and tips: www.genetec.com/trust

 

KEYWORDS: cyber risk management data breach GDPR security compliance security technology small to mid-size business (SMB) security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mathieu Chevalier joined Genetec in 2010 as a software developer, and now plays a vital role in developing both internal and external cybersecurity protocols and strategies to assure the Genetec portfolio is “hardened” against cyber-attacks. Chevalier works closely with all Genetec product development teams to assure the latest cybersecurity measures are in place to protect the company’s software architecture, solutions, and features. Chevalier holds a Bachelor of Computer Engineering degree from the University of Sherbrooke, Québec.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Person holding large ball of twine

Preventing Burnout in The Security Industry

Harrods

Harrods’ Cyberattack: Cybersecurity Leaders Weigh In

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cloud-enews

    How to Utilize the Cloud to Mitigate Cybersecurity Risks to Security Hardware

    See More
  • physical security

    A proactive approach to cyber and physical security

    See More
  • privacy-data5-freepik1170x658.jpg

    Spring cleaning your data and cybersecurity practices — What small businesses need to know

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!