Top Security Trends SMBs Need To Be Aware of in 2021

Security trends are constantly evolving, and for small and medium-sized businesses where budgets can be tight, knowing which trends deserve the most attention can be challenging. We have pulled together a list of the most prominent security trends to be aware of in 2021 to help prepare your business to contend with the current threat landscape.

Rise in Cybercrime

In 2020, the Federal Bureau of Investigation (FBI) received a record number of cybercrime complaints from the American public, with losses totaling more than $4.1 billion. The most prominent crimes were ransomware incidents, phishing scams, and business e-mail Compromise (BEC) schemes. BECs were the costliest, with losses of around $1.8 billion ^[1].

Many small and medium-sized businesses incorrectly believe they are not attractive targets to cybercriminals. It is natural to assume that large companies with tons of data, intellectual property, and funds are top priorities for bad actors. For many cybercriminals however, it is a numbers game. Large companies typically have cutting-edge security tools and protocols that make breaking into their systems prohibitively costly and time-consuming. By contrast, many SMBs are ill-prepared for cyber-attacks, making them easier targets. Successfully compromising multiple SMBs can be just as, if not more lucrative than successfully compromising one large business.

Security Skills Gap

The gap between the number of skilled security professionals and the companies that need them continues to grow. 80% of companies find it challenging to find and hire security professionals, and an eye-watering 71% say it is harming their ability to deliver security projects successfully^[2].

Competition for security professionals is high, and SMBs are often at a disadvantage because they are unable to offer the same perks as their larger peers. While this does present a challenge for smaller companies, it does not mean highly skilled security professionals are out of reach. Managed IT services offer a cost-effective, comprehensive solution.

The Evolution of Cyber Crime

It should come as no surprise that the COVID-19 pandemic dramatically changed the workplace landscape. Seemingly overnight, workers left office buildings and began working from home. This rapid shift towards remote working put pressure on businesses of all sizes to increase their digital transformation efforts, and it appears as though this was a success. One report estimates the COVID-19 pandemic has accelerated digital transformation progress by at least five years^[3].

This transformation however, has not come without a cost. Rapid technological change ushers in a great deal of uncertainty and security risk, which cybercriminals love to exploit. Disruptions to supply chains and a new era of remote working and IoT presented hackers with an opportunity to exploit vulnerable systems and workers.

In 2021, digital transformation efforts are still in full steam, so SMBs need to stay vigilant to these threats. There is also growing evidence that remote working will continue beyond the pandemic, so patching and training for these evolving vulnerabilities is paramount. A recent report by McKinsey argues that more than 20 percent of the workforce could continue to work remotely 3-5 days a week^[4].

Cyber-Literacy

In 2021, there is an increased focus on cyber-literacy across all levels of the organization. Last year, C-suite executives were identified as the “greatest insider threat” to organizations, with 84% of C-level executives admitting to having been targeted in a phishing attack^[5]. Cybercriminals often target senior-level employees in what’s known as a whaling attack because these employees can often bypass security approval processes or instruct lower-ranking employees to act. Increasing awareness of cyber scams and privacy best practices needs to be a top priority in 2021 and beyond.

Cybersecurity Silos Are Out

Traditionally, companies would run several security tools separately, resulting in a siloed security approach where systems struggled to share data and communicate. In 2021, there has been a distinct shift to what experts call cybersecurity meshes - tools that work together to produce robust security across the entire operational infrastructure.

SMBs should be deliberate in choosing their cybersecurity tools to ensure they can provide comprehensive security coverage for their systems today and in the future. Given the tighter budget constraints faced by SMBs, we recommend comprehensive security solutions like the XG and XGS series Firewalls from Sophos. These devices are packed with security features which can help stop threats at that door. What’s greater though, is the power of their Synchronized Security solution to actually isolate infected endpoints within your ecosystem. Learn more at https://sophos-firewall.coast-technologies.com.

Continuous Attack Simulations

Businesses today are increasingly deploying continuous attack simulations to catch new vulnerabilities ahead of time. These Breach and Attack Simulation (BAS) tools help companies adapt security more effectively and efficiently than annual testing.

BAS tools can help SMBs who typically do not have the time or in-house skills to conduct continuous manual testing.

Adapting to Current Trends

SMBs are valuable targets for cybercriminals, and successful cyber-attacks can come at a high cost. These costs go beyond the financial impact of operational disruption and costly recovery efforts; cyberattacks can also harm the company’s reputation and erode consumer trust. According to a report by Kaspersky, the average cost of a security compromise for SMBs is an alarming $108,000[6]. SMBs that want to protect against increasingly sophisticated cyber threats should pay close attention to the latest security trends and act.

To learn more about how Coast Technologies can help secure your business, contact us today.

---

Sources

_{[1] IC3 received a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion. This represents a 69% increase in total complaints from 2019. Business E-mail Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020. https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf}

_{[2] The first challenge is a skills gap. 80% of organizations tell us they have a hard time finding and hiring security professionals and 71% say it’s impacting their ability to deliver security projects within their organizations. https://www.gartner.com/en/newsroom/press-releases/2021-03-23-gartner-identifies-top-security-and-risk-management-t}

_{[3] However, some estimates have pegged COVID-19 as bringing forward digital transformation progress by 5 years at least. https://brc.org.uk/news/insight/covid-speeds-up-digital-transformation-by-5-years/}

_{[4] More than 20 percent of the workforce could work remotely three to five days a week as effectively as they could if working from an office. https://www.mckinsey.com/featured-insights/future-of-work/whats-next-for-remote-work-an-analysis-of-2000-tasks-800-jobs-and-nine-countries}

_{[5] 84% of C-level executives say they had been targeted by at least one cyberattack in the past year, with phishing attacks again being the most common (54%) https://www.forbes.com/sites/louiscolumbus/2020/05/29/cybersecuritys-greatest-insider-threat-is-in-the-c-suite/?sh=c5b29d47626f}

_{[6] According to recent research by Kaspersky, the average cost of a security compromise for a small- to medium-size business (SMB) weighs in at US$108,000. https://www.kaspersky.com/blog/secure-futures-magazine/small-business-cybersecurity/29177/}

Nancy Driver | Freelance

Covering Cybersecurity, Privacy, Technology.