In the UK, 48 percent of small business owners do not offer cybersecurity training to their employees. This leaves them exposed to an increasing number of cyber-threats.
Probrand, a Birmingham-based IT solutions provider, evaluated the cybersecurity measures of small and midsized organizations across various sectors. This analysis was conducted in collaboration with YouGov and estimated that 11% of businesses, and 8% of charities, have been victims of at least one cybercrime within the past 12 months.
The report found that almost half (47%) of organisations do not have up-to-date antivirus software. 15 percent of companies lack firewall protection, which is crucial to shielding networks against external cyber threats.
Mind the Gap
Matt Royle, Marketing Director at Probrand, commented on the cybersecurity gaps: “It is clear that cyber threats are increasing both in volume and complexity. This is especially true with the advent of AI, which powers a new wave of attacks against businesses and organisations of the public sector alike.
“Given that the only thing that threat actors care about is making money, we shouldn’t be surprised that small businesses and charities seem to be more attractive targets. Hackers are aware of this weakness because humans are prone to making mistakes. It is therefore vital that UK businesses provide ongoing cybersecurity training and testing to their employees. It will keep them up-to-date on the latest cyber tactics and enable them to identify and respond to cyber attacks in order for their business to be less affected by financial consequences.
“Our research and YouGov data show that businesses need to step up their game. Another finding revealed that 29% of companies had no patch management process in place. This is a critical step in maintaining security and productivity. It is evident that businesses need to improve their ability to mitigate risk, defend, and recover from cyber-threats. This includes updating their cybersecurity posture from a technology perspective and employee awareness.”
Five Layers of Cybersecurity
The report sets out a five-layer cybersecurity approach to help businesses better manage and minimize potential threats.
Identify: Businesses should thoroughly understand the IT infrastructure they use and their data. A penetration test or external audit can reveal vulnerabilities and identify potential attack vectors.
Protect: After a thorough assessment, organisations are advised to implement security measures, including multi-factor authentication, complex password policies, and other safeguards. Email security can reduce the risk associated with phishing attacks and spam.
Detect: Continuous monitoring is necessary to identify suspicious activity. Microsoft Sentinel is a SIEM tool that helps organizations detect threats early and respond quickly.
Respond: An incident response plan will help minimise the impact of cyber attacks. Probrand’s study revealed that 81 per cent of small businesses do not have a disaster recovery (DR) plan to respond to major cyber-attacks. Such a plan is crucial for a swift and organised response.
Recover: Ransomware can cause severe disruptions to businesses, and Probrand suggests that companies should include backup policies and cyber insurance in their recovery strategies. Businesses should verify backups and screen data carefully to avoid reintroducing compromised components during recovery.