Cybersecurity incidents and dramatic falls in sales are the most challenging types of crises to hit medium businesses

Small and medium-sized companies are great contributors to the global economy: according to the World Trade Organization, SMBs represent over 90% of all businesses worldwide. At the same time, as the Pandemic has shown, these companies can be particularly vulnerable to crises’ negative consequences. 

To gain insights into which crises pose the biggest risks to small and medium businesses, Kaspersky interviewed decision-makers from companies with 1 to 999 employees from 13 countries all over the world[1]. Although summarized data indicates cybersecurity incidents are the second-hardest type of crisis, exceeded by dramatic falls in sales, respondents representing medium companies (50 – 999 employees) evaluated both these types of crises as equally complex. Rent issues and introduction of new regulations seem the least challenging for both small and medium businesses.  

IT security concerns aren’t unfounded, especially given that the probability of facing a cybersecurity-related problem rises as the company grows. While only 8% of organizations with 1 to 8 employees said they faced an IT security incident, this share increases to 30% among companies with more than 501 workers. 

“Today, cybersecurity incidents can happen to businesses of all sizes and significantly affect their operations, profitability and reputation”. – comments Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky. ”However, as our Incident Response analytics report shows, in most cases adversaries use obvious gaps in an organization’s cybersecurity to gain access to its infrastructure to steal money or data. This fact suggests that basic protective measures, accessible even to small companies, such as a robust password policy, regular updates and employees’ security awareness, if not overlooked, may significantly contribute to the company’s cyber resistance”.

To keep the business protected even in times of crises, Kaspersky recommends the following:

• Implement a strong password policy, requiring a standard user account’s password to have at least eight letters, one number, uppercase and lowercase letters and a special character. Make sure that these passwords are changed if there any suspicion that they have been compromised. To put this approach into practice without additional efforts, use a security solution with a comprehensive built-in password manager. This will help to eliminate the possibility of a brute-force attack, when an adversary attempts to gain access to your digital entry point by submitting many passwords or passphrases in hopes of eventually guessing correctly.
• Don’t ignore updates from a software and device vendors. These usually not only bring new features and interface enhancements, but also resolve uncovered safety gaps.
• Protect against ransomware. This type of attack, when an intruder encrypts corporate data and demands to pay the ransom for its decryption, has retained a dominant role in the threat landscape for many years. Besides keeping all devices updated, another important step is to set up offline backups for your data so that you can quickly access them if any of your organization’s files are encrypted. Your security solutions need to be able to identify and block unknown malware before it is executed, and should have a function that initiates automatic backup copy creation in the event of an attack;
• Maintain a high level of security awareness among employees. Encourage your workers to learn more about current threats and ways to protect their personal and professional life and take relevant free courses. Conducting comprehensive and effective third-party training programs for employees is a good way to save the IT department time, and get good results.

The full report and more insights on small and medium businesses’ attitudes to crisis and tactics against it are available via the link.